vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity

KMS User Guide 20230619 Version.

Browse Source 
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>
This commit is contained in:
Li, Qiao 2023-07-06 09:04:08 +00:00 committed by zuul
parent 84321a2353
commit 9ef1eb82a1
63 changed files with 1198 additions and 948 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
docs/kms/umn/.placeholder
View File

574
docs/kms/umn/ALL_META.TXT.json
View File

File diff suppressed because it is too large Load Diff

576
docs/kms/umn/CLASS.TXT.json
View File

File diff suppressed because it is too large Load Diff

BIN
docs/kms/umn/en-us_image_0000001357372181.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
docs/kms/umn/en-us_image_0000001357411985.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 30 KiB

BIN
docs/kms/umn/en-us_image_0205545064.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 21 KiB

34
docs/kms/umn/en-us_topic_0034330265.html
View File

@ -1,34 +0,0 @@
<a name="en-us_topic_0034330265"></a><a name="en-us_topic_0034330265"></a>
<h1 class="topictitle1">Creating a Key</h1>
<div id="body1469675083219"><div class="section" id="en-us_topic_0034330265__section24085427155358"><h4 class="sectiontitle">Scenario</h4><p id="en-us_topic_0034330265__p54509404113454">This section describes how to create a CMK on the KMS management console. You can create up to 100 CMKs, excluding Default Master Keys.</p>
<div class="p" id="en-us_topic_0034330265__p5404296512225">The CMK is perfectly suited for but not limited to the following scenarios:<ul id="en-us_topic_0034330265__ul6667118912318"><li id="en-us_topic_0034330265__li2815583612318">Server-side encryption on OBS</li><li id="en-us_topic_0034330265__li4493399512330">Encryption of data on EVS disks</li><li id="en-us_topic_0034330265__li6731401112130">Encryption of private images on IMS</li><li id="en-us_topic_0034330265__li173242466919">File system encryption on SFS</li><li id="en-us_topic_0034330265__li16614134361">Disk encryption for database instances in RDS</li><li id="en-us_topic_0034330265__li133130691243">DEK encryption and decryption for user applications</li></ul>
</div>
<div class="note" id="en-us_topic_0034330265__note5633572415214"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="en-us_topic_0034330265__p3725947115214">Aliases of Default Master Keys end with <span class="parmname" id="en-us_topic_0034330265__parmname9545448591155"><b>/default</b></span>. It is not allowed to use aliases ending with <span class="parmname" id="en-us_topic_0034330265__parmname144172522111543"><b>/default</b></span> for your CMKs.</p>
</div></div>
</div>
<div class="section" id="en-us_topic_0034330265__section556861155951"><h4 class="sectiontitle">Prerequisites</h4><p id="en-us_topic_0034330265__p3227183516035">You have obtained an account and its password for logging in to the management console.</p>
</div>
<div class="section" id="en-us_topic_0034330265__section408105191602"><h4 class="sectiontitle">Procedure</h4><ol id="en-us_topic_0034330265__ol20373371114520"><li id="en-us_topic_0034330265__li974624615513"><span>Log in to the management console.</span></li><li id="en-us_topic_0034330265__li8729205115641"><span>Click <span><img id="en-us_topic_0034330265__image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="en-us_topic_0034330265__li5858326415513"><span>Choose <span class="menucascade" id="en-us_topic_0034330265__menucascade2153575894640"><b><span class="uicontrol" id="en-us_topic_0034330265__uicontrol6048240194640">Security</span></b> &gt; <b><span class="uicontrol" id="en-us_topic_0034330265__uicontrol3001022894640">Key Management Service</span></b></span>. The <strong id="en-us_topic_0034330265__b2994505611418">Key Management Service</strong> page is displayed.</span></li><li id="en-us_topic_0034330265__li24925741114829"><span>Click <strong id="en-us_topic_0034330265__b83353675913">Create Key</strong> in the upper right corner of the page. In the dialog box that is displayed, enter the alias and description of the key.</span><p><div class="fignone" id="en-us_topic_0034330265__fig197191687132"><span class="figcap"><b>Figure 1 </b>Create Key dialog box</span><br><span><img id="en-us_topic_0034330265__image1290331423814" src="en-us_image_0210226589.png" title="Click to enlarge" class="imgResize"></span></div>
<ul id="en-us_topic_0034330265__ul116951630171213"><li id="en-us_topic_0034330265__li116961230101220"><strong id="en-us_topic_0034330265__b8335361392">Alias</strong> is the alias of the CMK to be created.</li><li id="en-us_topic_0034330265__li1520243416122">(Optional) <strong id="en-us_topic_0034330265__b66254812399">Description</strong> is the description of the CMK.</li></ul>
</p></li><li id="en-us_topic_0034330265__li94550558617"><span>(Optional) Add tags as needed, and enter the tag key and tag value.</span><p><div class="note" id="en-us_topic_0034330265__note1398105573314"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="en-us_topic_0034330265__ul5912584341"><li id="en-us_topic_0034330265__li2062319186403">When a CMK has been created without any tag, you can add a tag to the CMK later as necessary. Click the alias of the CMK. The page with key details is displayed. Then you can add tags to the CMK.</li><li id="en-us_topic_0034330265__li179165818342">The same tag (including tag key and tag value) can be used for different CMKs. However, under the same CMK, one tag key can have only one tag value.</li><li id="en-us_topic_0034330265__li5915812343">A maximum of 10 tags can be added for one CMK.</li><li id="en-us_topic_0034330265__li21951634133510">If you want to delete a tag to be added when adding multiple tags, you can click <strong id="en-us_topic_0034330265__b84235270693629">Delete</strong> in the row where the tag to be added is located to delete the tag.</li></ul>
</div></div>
</p></li><li id="en-us_topic_0034330265__li6331023914251"><span>Click <strong id="en-us_topic_0034330265__b1125524134017">OK</strong>.</span><p><p id="en-us_topic_0034330265__p38796286141356">In the CMK list, you can view created CMKs. The default status of a CMK is <span class="parmname" id="en-us_topic_0034330265__parmname2314745293727"><b>Enabled</b></span>.</p>
</p></li></ol>
</div>
<div class="section" id="en-us_topic_0034330265__section1638212611642"><h4 class="sectiontitle">Related Operations</h4><ul id="en-us_topic_0034330265__ul366744581153"><li id="en-us_topic_0034330265__li49152713125435">For details about how to upload objects with server-side encryption, see section <span class="filepath" id="en-us_topic_0034330265__filepath987572475112840"><b>Uploading a File with Server-Side Encryption</b></span> in the <em id="en-us_topic_0034330265__i842352697112933">Object Storage Service User Guide</em>.</li><li id="en-us_topic_0034330265__li62734777115417">For details about how to encrypt data on EVS disks, see section <span class="filepath" id="en-us_topic_0034330265__filepath241712021162243"><b>Creating an EVS Disk</b></span> in the <em id="en-us_topic_0034330265__i34028223416231">Elastic Volume Service User Guide</em>.</li><li id="en-us_topic_0034330265__li7779218112256">For details about how to encrypt private images, see section <span class="filepath" id="en-us_topic_0034330265__filepath46808451162352"><b>Encrypting an Image</b></span> in the <em id="en-us_topic_0034330265__i19558150162446">Image Management Service User Guide</em>.</li><li id="en-us_topic_0034330265__li14595149151010">For details about how to encrypt the file system on SFS, see section <span class="filepath" id="en-us_topic_0034330265__filepath15244373129"><b>Creating a File System</b></span> in the <em id="en-us_topic_0034330265__i842352697113934">Scalable File Service User Guide</em>.</li><li id="en-us_topic_0034330265__li14492103123114">For details about how to encrypt disks for a database instance in RDS, see section <span class="filepath" id="en-us_topic_0034330265__filepath18914175565815"><b>Creating an RDS MySQL DB Instance</b></span> in the <em id="en-us_topic_0034330265__i1146920454528">Relational Database Service User Guide</em>.</li><li id="en-us_topic_0034330265__li320837341026">For details about how to create a DEK and a plaintext-free DEK, see sections <span class="filepath" id="en-us_topic_0034330265__filepath579501344104811"><b>Creating a DEK</b></span> and <span class="filepath" id="en-us_topic_0034330265__filepath948627244104811"><b>Creating a Plaintext-Free DEK</b></span> in the <em id="en-us_topic_0034330265__i1798235270104838">Key Management Service API Reference</em>.</li><li id="en-us_topic_0034330265__li333984961153">For details about how to encrypt and decrypt a DEK for a user application, see sections <span class="filepath" id="en-us_topic_0034330265__filepath149751496011912"><b>Encrypting a DEK</b></span> and <span class="filepath" id="en-us_topic_0034330265__filepath26571164911912"><b>Decrypting a DEK</b></span> in the <em id="en-us_topic_0034330265__i177637891916225">Key Management Service API Reference</em>.</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>

2
docs/kms/umn/kms_01_0003.html
View File

@ -23,7 +23,7 @@
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">About KMS</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">Key Management</a></div>
</div>
</div>

1
docs/kms/umn/kms_01_0005.html
View File

@ -2,6 +2,7 @@
<h1 class="topictitle1">CMK</h1>
<div id="body1481514797769"><p id="kms_01_0005__p934910093524">A Customer Master Key (CMK) is a Key Encryption Key (KEK) created by a user using KMS. It is used to encrypt and protect Data Encryption Keys (DEKs). One CMK can be used to encrypt one or multiple DEKs.</p>
<p id="kms_01_0005__p2245172613207">CMKs are categorized into custom keys and default keys.</p>
</div>
<div>
<div class="familylinks">

2
docs/kms/umn/kms_01_0008.html
View File

@ -1,7 +1,7 @@
<a name="kms_01_0008"></a><a name="kms_01_0008"></a>
<h1 class="topictitle1">HSM</h1>
<div id="body1481514797770"><p id="kms_01_0008__p8060118">A hardware security module (HSM) is a hardware device that securely produces, stores, manages, and uses CMKs. In addition, it provides encryption processing services.</p>
<div id="body1481514797770"><p id="kms_01_0008__p89320410494">A Hardware Security Module (HSM) securely produces, stores, manages, and uses keys and provides encryption services.</p>
</div>
<div>
<div class="familylinks">

8
docs/kms/umn/kms_01_0013.html
View File

@ -8,16 +8,10 @@
</li>
<li class="ulchildlink"><strong><a href="kms_01_0015.html">How to Use KMS</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0016.html">Related Services</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0017.html">User Permissions</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_9999.html">KMS Permissions Management</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">About KMS</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">Key Management</a></div>
</div>
</div>

7
docs/kms/umn/kms_01_0014.html
View File

@ -1,9 +1,10 @@
<a name="kms_01_0014"></a><a name="kms_01_0014"></a>
<h1 class="topictitle1">How to Access KMS</h1>
<div id="body1481523501204"><p id="kms_01_0014__ae61941d6722847ba9e86e2a7866969e2">The public cloud provides a web-based service management platform. You can access KMS using HTTPS-compliant APIs or the management console.</p>
<ul id="kms_01_0014__u6f7625d78f094bfd8343a6b118d6bf97"><li id="kms_01_0014__l649782010e724003af3093c376d41cc9">Management console<p id="kms_01_0014__p25880410194748"><a name="kms_01_0014__l649782010e724003af3093c376d41cc9"></a><a name="l649782010e724003af3093c376d41cc9"></a>If you have registered with the public cloud, you can log in to the management console directly. In the upper left corner of the console, click <span><img id="kms_01_0014__image16631342183212" src="en-us_image_0237800345.png"></span>. Select a region or project. Choose <span class="menucascade" id="kms_01_0014__menucascade1561064720173856"><b><span class="uicontrol" id="kms_01_0014__uicontrol160997644173856">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0014__uicontrol1348480497173856">Key Management Service</span></b></span>.</p>
</li><li id="kms_01_0014__l0fe14481cf1b4131b46a61639bab7967">API<p id="kms_01_0014__af56ad3ca8c104fb4bde132c85517bbb3"><a name="kms_01_0014__l0fe14481cf1b4131b46a61639bab7967"></a><a name="l0fe14481cf1b4131b46a61639bab7967"></a>You can access KMS using APIs. For details, see the <em id="kms_01_0014__i90498376414321">Key Management Service API Reference</em>.</p>
<div id="body1481523501204"><p id="kms_01_0014__ae61941d6722847ba9e86e2a7866969e2">The cloud service provides a web-based service management platform. You can access KMS using HTTPS-compliant APIs or the management console.</p>
<ul id="kms_01_0014__u6f7625d78f094bfd8343a6b118d6bf97"><li id="kms_01_0014__l649782010e724003af3093c376d41cc9">Management console<p id="kms_01_0014__p25880410194748"><a name="kms_01_0014__l649782010e724003af3093c376d41cc9"></a><a name="l649782010e724003af3093c376d41cc9"></a>If you have registered with the cloud service, you can log in to the management console directly. In the upper left corner of the console, click <span><img id="kms_01_0014__image16631342183212" src="en-us_image_0237800345.png"></span>. Select a region or project. Choose <span class="menucascade" id="kms_01_0014__menucascade1561064720173856"><b><span class="uicontrol" id="kms_01_0014__uicontrol160997644173856">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0014__uicontrol1348480497173856">Key Management Service</span></b></span>.</p>
<p id="kms_01_0014__p76262476426"></p>
</li><li id="kms_01_0014__l0fe14481cf1b4131b46a61639bab7967">API<p id="kms_01_0014__af56ad3ca8c104fb4bde132c85517bbb3"><a name="kms_01_0014__l0fe14481cf1b4131b46a61639bab7967"></a><a name="l0fe14481cf1b4131b46a61639bab7967"></a>You can access KMS using APIs. For details, see .</p>
</li></ul>
</div>
<div>

206
docs/kms/umn/kms_01_0016.html
View File

File diff suppressed because it is too large Load Diff

4
docs/kms/umn/kms_01_0017.html
View File

@ -1,12 +1,12 @@
<a name="kms_01_0017"></a><a name="kms_01_0017"></a>
<h1 class="topictitle1">User Permissions</h1>
<div id="body1490701290578"><p id="kms_01_0017__p46633707194145">The public cloud system provides two types of permissions by default: user management and resource management. User management refers to the management of users, user groups, and user groups' rights. Resource management refers to the control of operations that can be performed by users on cloud service resources.</p>
<div id="body1490701290578"><p id="kms_01_0017__p46633707194145">The system provides two types of permissions by default: user management and resource management. User management refers to the management of users, user groups, and user groups' rights. Resource management refers to the control of operations that can be performed by users on cloud service resources.</p>
<p id="kms_01_0017__p20325736194145">For further details, see <a href="https://docs.otc.t-systems.com/en-us/permissions/index.html" target="_blank" rel="noopener noreferrer">Permissions</a>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0013.html">Accessing and Using KMS</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0109.html">Service Overview</a></div>
</div>
</div>

14
docs/kms/umn/kms_01_0018.html
View File

@ -1,27 +1,29 @@
<a name="kms_01_0018"></a><a name="kms_01_0018"></a>
<h1 class="topictitle1">Management</h1>
<h1 class="topictitle1">Key Management</h1>
<div id="body1469675083218"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="en-us_topic_0034330265.html">Creating a Key</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_194.html">Creating a Key</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0019.html">Creating CMKs Using Imported Key Material</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0072.html">Scheduling the Deletion of One or Multiple CMKs</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0032.html">Managing CMKs</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0021.html">Configuring SMN</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0023.html">Managing Tags</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0028.html">Managing a Grant</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0138.html">Rotating CMKs</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0032.html">Managing CMKs</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0028.html">Managing a Grant</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_9998.html">Permissions Management</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0196.html">User Guide</a></div>
</div>
</div>

6
docs/kms/umn/kms_01_0019.html
View File

@ -6,14 +6,14 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="kms_01_0054.html">Overview</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0055.html">Importing Key Material</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0055.html">Importing a Key Material</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0020.html">Deleting Key Material</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0020.html">Deleting a Key Material</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Key Management</a></div>
</div>
</div>

8
docs/kms/umn/kms_01_0020.html
View File

@ -1,14 +1,14 @@
<a name="kms_01_0020"></a><a name="kms_01_0020"></a>
<h1 class="topictitle1">Deleting Key Material</h1>
<h1 class="topictitle1">Deleting a Key Material</h1>
<div id="body1520999169511"><div class="section" id="kms_01_0020__sca880be282b5423eb210862b51049a3e"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0020__a2f6ce1dba5184b71ab6b9aa5c2d492f3">When importing key material, you can specify the expiration time. After the key material expires, KMS deletes it, and the status of the CMK changes to <strong id="kms_01_0020__b842352706195336">Pending import</strong>. You can manually delete the key material as needed. The effect of expiration of the key material is the same as that of manual deletion of the key material.</p>
<p id="kms_01_0020__p09617577515">This section describes how to delete imported key material on the management console.</p>
<div class="note" id="kms_01_0020__note48554101985"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0020__ul174851720185113"><li id="kms_01_0020__li194861120175111">After the key material is deleted, if you need to re-import the key material, the key material to be imported must be the same as that has been deleted.</li><li id="kms_01_0020__li348732085116">After the same key material is re-imported, you can use the CMK to decrypt all data encrypted using this key before deletion.</li></ul>
<div class="note" id="kms_01_0020__note48554101985"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0020__ul174851720185113"><li id="kms_01_0020__li194861120175111">After the key material is deleted, if you need to re-import the key material, the key material to be imported must be the same as that has been deleted.</li><li id="kms_01_0020__li348732085116">After the same key material is re-imported, you can use the CMK to decrypt all data encrypted using this key before deletion.</li><li id="kms_01_0020__li1239583520196">After the deletion, the CMK will become unavailable and its status will change to <strong id="kms_01_0020__b444913383506">Pending import</strong>.</li></ul>
</div></div>
</div>
<div class="section" id="kms_01_0020__sb5977e06db7340a1b1c77b833a445de3"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0020__u24d9b765ec3d43c289b88df0da71077d"><li id="kms_01_0020__lf2ee55eab6f54e0ea5db1f1ca4e15f71">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0020__l4a9b9a15464f4534a97538c4ccd92daa">You have imported the key material for a CMK.</li><li id="kms_01_0020__lf5c9f062e85d4fa1b6361a8daa255c3d">The material source of the CMK is <strong id="kms_01_0020__b84235270614210">External</strong>.</li><li id="kms_01_0020__l18ecbfc1a5f143f9ad19c7cc2502ae49">The CMK status is <strong id="kms_01_0020__b84235270614228">Enabled</strong> or <strong id="kms_01_0020__b84235270614233">Disabled</strong>.</li></ul>
<div class="section" id="kms_01_0020__sb5977e06db7340a1b1c77b833a445de3"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0020__u24d9b765ec3d43c289b88df0da71077d"><li id="kms_01_0020__l4a9b9a15464f4534a97538c4ccd92daa">You have imported the key material for a CMK.</li><li id="kms_01_0020__lf5c9f062e85d4fa1b6361a8daa255c3d">The material source of the CMK is <strong id="kms_01_0020__b84235270614210">External</strong>.</li><li id="kms_01_0020__l18ecbfc1a5f143f9ad19c7cc2502ae49">The CMK status is <strong id="kms_01_0020__b84235270614228">Enabled</strong> or <strong id="kms_01_0020__b84235270614233">Disabled</strong>.</li></ul>
</div>
<div class="section" id="kms_01_0020__sfc815d094c7c4eee9334ff32ef341265"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0020__o5c12bfb65c374ee3968fc3a9727ab45d"><li id="kms_01_0020__l7406334cc836467197bba582f130cef1"><span>Log in to the management console.</span></li><li id="kms_01_0020__li678575875"><span>Click <span><img id="kms_01_0020__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0020__l6143ff2e2a2743fc86b0e140fac9f8fa"><span>Choose <span class="menucascade" id="kms_01_0020__menucascade094717390565"><b><span class="uicontrol" id="kms_01_0020__uicontrol394523917560">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0020__uicontrol12945639185616">Key Management Service</span></b></span>. The <strong id="kms_01_0020__b79470398569">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0020__l18170ea1d6144d55be3ba1a068244e42"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0020__uicontrol59469908102821"><b>Delete Key Material</b></span>.</span></li><li id="kms_01_0020__l39b87f850b544e66b283b37fb1c6acf0"><span>In the dialog box that is displayed, click <strong id="kms_01_0020__b54431615559">OK</strong>.</span><p><p id="kms_01_0020__aa6c65453d53c4d62b734ce953d850153">After the deletion, the CMK will become unavailable and its status changes to <strong id="kms_01_0020__b84235270614054">Pending import</strong>.</p>
<div class="section" id="kms_01_0020__sfc815d094c7c4eee9334ff32ef341265"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0020__o5c12bfb65c374ee3968fc3a9727ab45d"><li id="kms_01_0020__l7406334cc836467197bba582f130cef1"><span>Log in to the management console.</span></li><li id="kms_01_0020__li9473011534"><span>Click <span><img id="kms_01_0020__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0020__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0020__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0020__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0020__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0020__l18170ea1d6144d55be3ba1a068244e42"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0020__uicontrol59469908102821"><b>Delete Key Material</b></span>.</span></li><li id="kms_01_0020__l39b87f850b544e66b283b37fb1c6acf0"><span>In the dialog box that is displayed, click <strong id="kms_01_0020__b54431615559">OK</strong>.</span><p><p id="kms_01_0020__aa6c65453d53c4d62b734ce953d850153">After the deletion, the CMK will become unavailable and its status changes to <strong id="kms_01_0020__b84235270614054">Pending import</strong>.</p>
</p></li></ol>
</div>
</div>

8
docs/kms/umn/kms_01_0021.html
View File

@ -4,9 +4,9 @@
<div id="body1508294503832"><div class="section" id="kms_01_0021__section33487757104334"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0021__p8049661185241">This section describes how to configure the Simple Message Notification (SMN) function on the Cloud Trace Service (CTS) console.</p>
<p id="kms_01_0021__p1913465116373">Decryption will fail if the CMK used has been scheduled for deletion. You will receive messages about the decryption failure on terminals (SMS, email, HTTP, or HTTPS) if the SMN function has been configured in CTS.</p>
</div>
<div class="section" id="kms_01_0021__section57729878104346"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0021__ul4571711111730"><li id="kms_01_0021__li1280754412733">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0021__li28245747164832">CTS has been enabled.</li><li id="kms_01_0021__li21648919164843">You have subscribed to SMN.</li></ul>
<div class="section" id="kms_01_0021__section57729878104346"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0021__ul4571711111730"><li id="kms_01_0021__li28245747164832">CTS has been enabled.</li><li id="kms_01_0021__li21648919164843">You have subscribed to SMN.</li></ul>
</div>
<div class="section" id="kms_01_0021__section2642313510441"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0021__ol3183416105949"><li id="kms_01_0021__li974624615513"><span>Log in to the management console.</span></li><li id="kms_01_0021__li678575875"><span>Click <span><img id="kms_01_0021__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0021__li19281719165339"><span>Choose <strong id="kms_01_0021__b842352706131831">Management &amp; Deployment</strong> &gt; <strong id="kms_01_0021__b842352706131835">Cloud Trace Service</strong> to go to the CTS console.</span></li><li id="kms_01_0021__li265342311115"><span>In the navigation tree on the left, click <strong id="kms_01_0021__b1647827584165843">Tracker</strong>.</span></li><li id="kms_01_0021__li17474406175111"><span>If the desired tracker is not enabled, click <strong id="kms_01_0021__b842352706104817">Enable</strong>. In the dialog box that is displayed, click <strong id="kms_01_0021__b842352706104820">OK</strong> to enable the tracker. If the tracker is already enabled, skip this step.</span></li><li id="kms_01_0021__li17558430122017"><span>In the navigation tree on the left, click <strong id="kms_01_0021__b19232838122414">Key Event Notifications</strong>. The <strong id="kms_01_0021__b27321189254">Key Event Notifications</strong> page is displayed.</span></li><li id="kms_01_0021__li39728324111854"><span>Click <strong id="kms_01_0021__b2635194392514">Create Key Event Notification</strong> at the upper right corner of the page. The creation page is displayed.</span></li><li id="kms_01_0021__li5717239711324"><span>In the <strong id="kms_01_0021__b1761212716261">Basic Information</strong> area, enter a notification name. See <a href="#kms_01_0021__fig197519401153">Figure 1</a> for details.</span><p><div class="fignone" id="kms_01_0021__fig197519401153"><a name="kms_01_0021__fig197519401153"></a><a name="fig197519401153"></a><span class="figcap"><b>Figure 1 </b>Configuring basic information</span><br><span><img id="kms_01_0021__image85404491212" src="en-us_image_0129547803.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0021__section2642313510441"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0021__ol3183416105949"><li id="kms_01_0021__li974624615513"><span>Log in to the management console.</span></li><li id="kms_01_0021__li678575875"><span>Click <span><img id="kms_01_0021__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0021__li19281719165339"><span>Choose <strong id="kms_01_0021__b842352706131831">Management &amp; Deployment</strong> &gt; <strong id="kms_01_0021__b842352706131835">Cloud Trace Service</strong> to go to the CTS console.</span></li><li id="kms_01_0021__li265342311115"><span>In the navigation tree on the left, click <strong id="kms_01_0021__b1647827584165843">Tracker</strong>.</span></li><li id="kms_01_0021__li17474406175111"><span>If the desired tracker is not enabled, click <strong id="kms_01_0021__b842352706104817">Enable</strong>. In the dialog box that is displayed, click <strong id="kms_01_0021__b842352706104820">OK</strong> to enable the tracker. If the tracker is already enabled, skip this step.</span></li><li id="kms_01_0021__li17558430122017"><span>In the navigation tree on the left, click <strong id="kms_01_0021__b19232838122414">Key Event Notifications</strong>. The <strong id="kms_01_0021__b27321189254">Key Event Notifications</strong> page is displayed.</span></li><li id="kms_01_0021__li39728324111854"><span>Click <strong id="kms_01_0021__b2635194392514">Create Key Event Notification</strong> at the upper right corner of the page. The creation page is displayed.</span></li><li id="kms_01_0021__li5717239711324"><span>In the <strong id="kms_01_0021__b1761212716261">Basic Information</strong> area, enter a notification name. See <a href="#kms_01_0021__fig197519401153">Figure 1</a> for details.</span><p><div class="fignone" id="kms_01_0021__fig197519401153"><a name="kms_01_0021__fig197519401153"></a><a name="fig197519401153"></a><span class="figcap"><b>Figure 1 </b>Configuring basic information</span><br><span><img id="kms_01_0021__image85404491212" src="en-us_image_0129547803.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0021__li445919121029"><span>Select operation types in the <strong id="kms_01_0021__b132408416286">Operation</strong> area. See <a href="#kms_01_0021__fig103085242037">Figure 2</a> for details.</span><p><div class="fignone" id="kms_01_0021__fig103085242037"><a name="kms_01_0021__fig103085242037"></a><a name="fig103085242037"></a><span class="figcap"><b>Figure 2 </b>Selecting operation types</span><br><span><img id="kms_01_0021__image1330819245317" src="en-us_image_0129548665.png" title="Click to enlarge" class="imgResize"></span></div>
<p id="kms_01_0021__p1510314016116"></p>
@ -35,7 +35,7 @@
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0021__table6950950191420" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Parameters for configuring the SMN notification</caption><thead align="left"><tr id="kms_01_0021__row1794875018140"><th align="left" class="cellrowborder" valign="top" width="17%" id="mcps1.3.3.2.11.2.2.2.4.1.1"><p id="kms_01_0021__p1694845015149"><strong>Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="61%" id="mcps1.3.3.2.11.2.2.2.4.1.2"><p id="kms_01_0021__p8948450141410"><strong id="kms_01_0021__b1625547949">Description</strong></p>
<th align="left" class="cellrowborder" valign="top" width="61%" id="mcps1.3.3.2.11.2.2.2.4.1.2"><p id="kms_01_0021__p8948450141410"><strong id="kms_01_0021__b1282533920">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22%" id="mcps1.3.3.2.11.2.2.2.4.1.3"><p id="kms_01_0021__p1994855091419"><strong id="kms_01_0021__b842352706113752">Configuration</strong></p>
</th>
@ -65,7 +65,7 @@
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Key Management</a></div>
</div>
</div>

4
docs/kms/umn/kms_01_0023.html
View File

@ -6,7 +6,7 @@
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="kms_01_0024.html">Adding a Tag</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0025.html">Searching for Tags</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0025.html">Searching for a CMK by Tag</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0026.html">Modifying Tag Values</a></strong><br>
</li>
@ -15,7 +15,7 @@
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Key Management</a></div>
</div>
</div>

31
docs/kms/umn/kms_01_0024.html
View File

@ -2,45 +2,42 @@
<h1 class="topictitle1">Adding a Tag</h1>
<div id="body1521013750974"><div class="section" id="kms_01_0024__s4e4979ae5e714e439604cdc40578fe1b"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0024__en-us_topic_0100501397_p64391073243">Tags are used to identify CMKs. You can add tags to CMKs so that you can classify CMKs, trace them, and collect their usage status according to the tags.</p>
<div class="notice" id="kms_01_0024__n6672f6fdef0d41949838c4feb3b27f00"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="kms_01_0024__a865583e377e1427a91ed7769a860fa28">KMS does not support adding tags to Default Master Keys.</p>
</div></div>
</div>
<div class="section" id="kms_01_0024__s3585ec157e684e689b9e070e93702dad"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0024__en-us_topic_0100501397_p846019020318">You have obtained an account and its password for logging in to the management console.</p>
<div class="section" id="kms_01_0024__section7622144917348"><h4 class="sectiontitle">Constraints</h4><p id="kms_01_0024__en-us_topic_0112947600_p178087013352">Tags cannot be added to default keys.</p>
</div>
<div class="section" id="kms_01_0024__s6d6371deb6044a3f9c806fb74fb09a6a"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0024__o601a4b21e5bd4669955f9c5751ff30f4"><li id="kms_01_0024__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0024__li678575875"><span>Click <span><img id="kms_01_0024__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0024__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0024__menucascade74408217717"><b><span class="uicontrol" id="kms_01_0024__uicontrol1643815217717">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0024__uicontrol34391921714">Key Management Service</span></b></span>. The <strong id="kms_01_0024__b444020216720">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0024__li552031211419"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0024__ld0ca5f10c53144a4aed1835dd01039f5"><span>Click <strong id="kms_01_0024__b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0024__fig1450357173911"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0024__image733395013264" src="en-us_image_0129107168.png"></span></div>
<div class="section" id="kms_01_0024__s6d6371deb6044a3f9c806fb74fb09a6a"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0024__o601a4b21e5bd4669955f9c5751ff30f4"><li id="kms_01_0024__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0024__li678575875"><span>Click <span><img id="kms_01_0024__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0024__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0024__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0024__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0024__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0024__li552031211419"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0024__ld0ca5f10c53144a4aed1835dd01039f5"><span>Click <strong id="kms_01_0024__b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0024__fig1450357173911"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0024__image733395013264" src="en-us_image_0129107168.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0024__l8b6e5ea4e7d348588875ac9c502dde84"><span>Click <strong id="kms_01_0024__b17413440582">Add Tag</strong>. In the <strong id="kms_01_0024__b57091323185818">Add Tag</strong> dialog box, enter the tag key and tag value. <a href="#kms_01_0024__teaf23b4b14f841aaaa772e07bee5a20a">Table 1</a> describes the parameters.</span><p><div class="fignone" id="kms_01_0024__f47525a668085476c84565afde13ffc58"><span class="figcap"><b>Figure 2 </b>Adding a tag</span><br><span><img id="kms_01_0024__image85701432152815" src="en-us_image_0129107369.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="kms_01_0024__note148911525189"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0024__p19893122181819">If you want to delete a tag to be added when adding multiple tags, you can click <strong id="kms_01_0024__b84235270693629">Delete</strong> in the row where the tag to be added is located to delete the tag.</p>
</div></div>
<p id="kms_01_0024__p2033812320160"></p>
<div class="tablenoborder"><a name="kms_01_0024__teaf23b4b14f841aaaa772e07bee5a20a"></a><a name="teaf23b4b14f841aaaa772e07bee5a20a"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0024__teaf23b4b14f841aaaa772e07bee5a20a" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Tag parameters</caption><thead align="left"><tr id="kms_01_0024__rc58535a3fce549da9f246d184d70dfc2"><th align="left" class="cellrowborder" valign="top" width="11%" id="mcps1.3.3.2.6.2.4.2.5.1.1"><p id="kms_01_0024__en-us_topic_0100501397_p550325414277"><strong>Parameter</strong></p>
<div class="tablenoborder"><a name="kms_01_0024__teaf23b4b14f841aaaa772e07bee5a20a"></a><a name="teaf23b4b14f841aaaa772e07bee5a20a"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0024__teaf23b4b14f841aaaa772e07bee5a20a" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Tag parameters</caption><thead align="left"><tr id="kms_01_0024__rc58535a3fce549da9f246d184d70dfc2"><th align="left" class="cellrowborder" valign="top" width="11%" id="mcps1.3.3.2.6.2.3.2.5.1.1"><p id="kms_01_0024__en-us_topic_0100501397_p550325414277"><strong>Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="38%" id="mcps1.3.3.2.6.2.4.2.5.1.2"><p id="kms_01_0024__a26102430a53a4a0bacd5d7069dec49e2"><strong id="kms_01_0024__b842352706193336">Description</strong></p>
<th align="left" class="cellrowborder" valign="top" width="38%" id="mcps1.3.3.2.6.2.3.2.5.1.2"><p id="kms_01_0024__a26102430a53a4a0bacd5d7069dec49e2"><strong id="kms_01_0024__b842352706193336">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33%" id="mcps1.3.3.2.6.2.4.2.5.1.3"><p id="kms_01_0024__en-us_topic_0100501397_p250305412717"><strong id="kms_01_0024__b84235270613118">Value</strong></p>
<th align="left" class="cellrowborder" valign="top" width="33%" id="mcps1.3.3.2.6.2.3.2.5.1.3"><p id="kms_01_0024__en-us_topic_0100501397_p250305412717"><strong id="kms_01_0024__b84235270613118">Value</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.3.2.6.2.4.2.5.1.4"><p id="kms_01_0024__p19213146174417"><strong id="kms_01_0024__b84235270610336">Example Value</strong></p>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.3.2.6.2.3.2.5.1.4"><p id="kms_01_0024__p19213146174417"><strong id="kms_01_0024__b84235270610336">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0024__rf52642a625d547d6a35b2cfc34d2f823"><td class="cellrowborder" valign="top" width="11%" headers="mcps1.3.3.2.6.2.4.2.5.1.1 "><p id="kms_01_0024__a9b7c7a18d91f4681849538c75fd5e212">Tag key</p>
<tbody><tr id="kms_01_0024__rf52642a625d547d6a35b2cfc34d2f823"><td class="cellrowborder" valign="top" width="11%" headers="mcps1.3.3.2.6.2.3.2.5.1.1 "><p id="kms_01_0024__a9b7c7a18d91f4681849538c75fd5e212">Tag key</p>
</td>
<td class="cellrowborder" valign="top" width="38%" headers="mcps1.3.3.2.6.2.4.2.5.1.2 "><p id="kms_01_0024__p91159390107">Name of a tag.</p>
<td class="cellrowborder" valign="top" width="38%" headers="mcps1.3.3.2.6.2.3.2.5.1.2 "><p id="kms_01_0024__p91159390107">Name of a tag.</p>
<p id="kms_01_0024__p1551003816441">The same tag (including tag key and tag value) can be used for different CMKs. However, under the same CMK, one tag key can have only one tag value.</p>
<p id="kms_01_0024__p16287540104220">A maximum of 20 tags can be added for one CMK.</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.6.2.4.2.5.1.3 "><ul id="kms_01_0024__ul9766456111319"><li id="kms_01_0024__li1766125631315">Mandatory.</li><li id="kms_01_0024__li6767125681313">Each tag key must be unique under the same CMK.</li><li id="kms_01_0024__li5769156161319">Contains a maximum of 36 characters.</li><li id="kms_01_0024__li077095651316">Only digits, letters, underscores (_), and hyphens (-) are allowed.</li></ul>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.6.2.3.2.5.1.3 "><ul id="kms_01_0024__ul9766456111319"><li id="kms_01_0024__li1766125631315">Mandatory.</li><li id="kms_01_0024__li6767125681313">Each tag key must be unique under the same CMK.</li><li id="kms_01_0024__li5769156161319">Contains a maximum of 36 characters.</li><li id="kms_01_0024__li077095651316">Only digits, letters, underscores (_), and hyphens (-) are allowed.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.3.2.6.2.4.2.5.1.4 "><p id="kms_01_0024__p0213186204416">cost</p>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.3.2.6.2.3.2.5.1.4 "><p id="kms_01_0024__p0213186204416">cost</p>
</td>
</tr>
<tr id="kms_01_0024__re26efe410cb54792a9f962ce86c224c7"><td class="cellrowborder" valign="top" width="11%" headers="mcps1.3.3.2.6.2.4.2.5.1.1 "><p id="kms_01_0024__a98b138a8e31d44b19b614550ddadf28b">Tag value</p>
<tr id="kms_01_0024__re26efe410cb54792a9f962ce86c224c7"><td class="cellrowborder" valign="top" width="11%" headers="mcps1.3.3.2.6.2.3.2.5.1.1 "><p id="kms_01_0024__a98b138a8e31d44b19b614550ddadf28b">Tag value</p>
</td>
<td class="cellrowborder" valign="top" width="38%" headers="mcps1.3.3.2.6.2.4.2.5.1.2 "><p id="kms_01_0024__p1627581310114">Value of the tag</p>
<td class="cellrowborder" valign="top" width="38%" headers="mcps1.3.3.2.6.2.3.2.5.1.2 "><p id="kms_01_0024__p1627581310114">Value of the tag</p>
</td>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.6.2.4.2.5.1.3 "><ul id="kms_01_0024__ul121271524141420"><li id="kms_01_0024__li912802411147">This parameter can be empty.</li><li id="kms_01_0024__li2130172419147">Can contain a maximum of 43 characters.</li><li id="kms_01_0024__li713112416147">Only digits, letters, underscores (_), and hyphens (-) are allowed.</li></ul>
<td class="cellrowborder" valign="top" width="33%" headers="mcps1.3.3.2.6.2.3.2.5.1.3 "><ul id="kms_01_0024__ul121271524141420"><li id="kms_01_0024__li912802411147">This parameter can be empty.</li><li id="kms_01_0024__li2130172419147">Can contain a maximum of 43 characters.</li><li id="kms_01_0024__li713112416147">Only digits, letters, underscores (_), and hyphens (-) are allowed.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.3.2.6.2.4.2.5.1.4 "><p id="kms_01_0024__p1021366194412">100</p>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.3.2.6.2.3.2.5.1.4 "><p id="kms_01_0024__p1021366194412">100</p>
</td>
</tr>
</tbody>

6
docs/kms/umn/kms_01_0025.html
View File

@ -1,11 +1,11 @@
<a name="kms_01_0025"></a><a name="kms_01_0025"></a>
<h1 class="topictitle1">Searching for Tags</h1>
<h1 class="topictitle1">Searching for a CMK by Tag</h1>
<div id="body1521096346331"><div class="section" id="kms_01_0025__section577018018515"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0025__p1012017239485">This section describes how to search for tags through KMS. You can search for tags of all CMKs that meet the search criteria in the current project.</p>
</div>
<div class="section" id="kms_01_0025__section999612198511"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0025__ul11903195115210"><li id="kms_01_0025__li129037595218">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0025__li290355105213">Tags have been added.</li></ul>
<div class="section" id="kms_01_0025__section999612198511"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0025__p19231459385">Tags have been added.</p>
</div>
<div class="section" id="kms_01_0025__section180991135216"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0025__ol1747512255522"><li id="kms_01_0025__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0025__li678575875"><span>Click <span><img id="kms_01_0025__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0025__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0025__menucascade19291432814"><b><span class="uicontrol" id="kms_01_0025__uicontrol1692612314813">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0025__uicontrol3928193684">Key Management Service</span></b></span>. The <strong id="kms_01_0025__b89315317815">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0025__li4754542165315"><span>Click <strong id="kms_01_0025__b842352706165044">Search by Tag</strong> to show the search box.</span><p><div class="fignone" id="kms_01_0025__fig12211629175812"><span class="figcap"><b>Figure 1 </b>Searching for tags</span><br><span><img id="kms_01_0025__image17457175339" src="en-us_image_0129107843.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0025__section180991135216"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0025__ol1747512255522"><li id="kms_01_0025__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0025__li678575875"><span>Click <span><img id="kms_01_0025__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0025__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0025__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0025__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0025__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0025__li4754542165315"><span>Click <strong id="kms_01_0025__b842352706165044">Search by Tag</strong> to show the search box.</span><p><div class="fignone" id="kms_01_0025__fig12211629175812"><span class="figcap"><b>Figure 1 </b>Searching for tags</span><br><span><img id="kms_01_0025__image17457175339" src="en-us_image_0129107843.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0025__li1112781754311"><span>In the search box, enter the tag key and tag value.</span></li><li id="kms_01_0025__li19153731166"><span>Click <span><img id="kms_01_0025__image18471155344210" src="en-us_image_0237809859.png"></span> to add the input to the search criteria, and click <strong id="kms_01_0025__b84235270614458">Search</strong>. The list displays the CMKs that meet the search criteria.</span><p><div class="fignone" id="kms_01_0025__fig10181104794619"><span class="figcap"><b>Figure 2 </b>Search results</span><br><span><img id="kms_01_0025__image1344019613171" src="en-us_image_0129261916.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="kms_01_0025__note381392425"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0025__ul08151528218"><li id="kms_01_0025__li12657056454">Multiple tags can be added at one search. A maximum of 20 tags can be added for one search. If multiple tags are searched for at one time, only CMKs meet the combined search criteria will be displayed in the search result.</li><li id="kms_01_0025__li166611557428">If you want to delete an added tag from the search criteria, click <span><img id="kms_01_0025__image19297250204420" src="en-us_image_0237812311.png"></span> next to the tag.</li><li id="kms_01_0025__li128158216215">You can click <strong id="kms_01_0025__b842352706144945">Reset</strong> to reset the search criteria.</li></ul>
</div></div>

4
docs/kms/umn/kms_01_0026.html
View File

@ -3,9 +3,7 @@
<h1 class="topictitle1">Modifying Tag Values</h1>
<div id="body1521013750974"><div class="section" id="kms_01_0026__s33438abe77404bb08e9bfc96bbc39003"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0026__en-us_topic_0100501398_p44391577248">This section describes how to modify tag values on the KMS management console.</p>
</div>
<div class="section" id="kms_01_0026__sb2869617316b4e3eb8b96e50ab1cb205"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0026__en-us_topic_0100501398_p846019020318">You have obtained an account and its password for logging in to the management console.</p>
</div>
<div class="section" id="kms_01_0026__s2c920a8afbf3435d9bf8d32ebadbd889"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0026__o6f1552a3140d48da9a898fd71901aa2d"><li id="kms_01_0026__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0026__li678575875"><span>Click <span><img id="kms_01_0026__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0026__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0026__menucascade18974347813"><b><span class="uicontrol" id="kms_01_0026__uicontrol13895183418812">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0026__uicontrol148971344817">Key Management Service</span></b></span>. The <strong id="kms_01_0026__b10897634381">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0026__li1978617101434"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0026__li131929445617"><span>Click <strong id="kms_01_0026__b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0026__f87ed1f69fc8247c08f791d0b85d28fdb"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0026__kms_01_0024_image733395013264" src="en-us_image_0129107168.png"></span></div>
<div class="section" id="kms_01_0026__s2c920a8afbf3435d9bf8d32ebadbd889"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0026__o6f1552a3140d48da9a898fd71901aa2d"><li id="kms_01_0026__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0026__li678575875"><span>Click <span><img id="kms_01_0026__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0026__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0026__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0026__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0026__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0026__li1978617101434"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0026__li131929445617"><span>Click <strong id="kms_01_0026__b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0026__f87ed1f69fc8247c08f791d0b85d28fdb"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0026__kms_01_0024_image733395013264" src="en-us_image_0129107168.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0026__l670f2118cc97498a883921c6c1aa7620"><span>Click <strong id="kms_01_0026__b84235270616396">Edit</strong> of the target tag, and the <strong id="kms_01_0026__b842352706145538">Edit Tag</strong> dialog box is displayed.</span><p><div class="fignone" id="kms_01_0026__f05b5c9d487704bcfb0667edecea735cb"><span class="figcap"><b>Figure 2 </b>Editing a tag</span><br><span><img id="kms_01_0026__image1730213589197" src="en-us_image_0129262613.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0026__lc3de648ff187441390f6e4ec23ce4e2c"><span>In the <strong id="kms_01_0026__b842352706145645">Edit Tag</strong> dialog box, enter a tag value, and click <strong id="kms_01_0026__b842352706145741">OK</strong> to complete the editing.</span></li></ol>
</div>

11
docs/kms/umn/kms_01_0027.html
View File

@ -3,9 +3,7 @@
<h1 class="topictitle1">Deleting Tags</h1>
<div id="body1521013750974"><div class="section" id="kms_01_0027__sfdcc987297af439f89888c1689884b78"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0027__en-us_topic_0100501399_p44391577248">This section describes how to delete tags on the KMS management console.</p>
</div>
<div class="section" id="kms_01_0027__sdf9312d015234dc5941db9c0bacd830b"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0027__en-us_topic_0100501399_p846019020318">You have obtained an account and its password for logging in to the management console.</p>
</div>
<div class="section" id="kms_01_0027__s63698c78ba61410b8d89ab39f96673dd"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0027__od6e2af26235241fabf255bbdc5db682c"><li id="kms_01_0027__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0027__li678575875"><span>Click <span><img id="kms_01_0027__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0027__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0027__menucascade864402612910"><b><span class="uicontrol" id="kms_01_0027__uicontrol136421426494">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0027__uicontrol136432026994">Key Management Service</span></b></span>. The <strong id="kms_01_0027__b564612262914">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0027__li1978617101434"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0027__li1048271413589"><span>Click <strong id="kms_01_0027__kms_01_0026_b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0027__kms_01_0026_f87ed1f69fc8247c08f791d0b85d28fdb"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0027__kms_01_0026_kms_01_0024_image733395013264" src="en-us_image_0129107168.png"></span></div>
<div class="section" id="kms_01_0027__s63698c78ba61410b8d89ab39f96673dd"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0027__od6e2af26235241fabf255bbdc5db682c"><li id="kms_01_0027__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0027__li678575875"><span>Click <span><img id="kms_01_0027__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0027__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0027__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0027__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0027__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0027__li1978617101434"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0027__li1048271413589"><span>Click <strong id="kms_01_0027__kms_01_0026_b842352706165044">Tags</strong> to go to the tag management page.</span><p><div class="fignone" id="kms_01_0027__kms_01_0026_f87ed1f69fc8247c08f791d0b85d28fdb"><span class="figcap"><b>Figure 1 </b>Managing tags</span><br><span><img id="kms_01_0027__kms_01_0026_kms_01_0024_image733395013264" src="en-us_image_0129107168.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0027__l2adb5a200c3b4d1d838243f236e015e5"><span>Click <strong id="kms_01_0027__b84235270616396">Delete</strong> of the target tag, and the <strong id="kms_01_0027__b842352706145538">Delete Tag</strong> dialog box is displayed.</span></li><li id="kms_01_0027__l061a399bb5fb4be48124e988b0173e31"><span>In the <strong id="kms_01_0027__ad73931a9d480405aa325f9c49d84fd98">Delete Tag</strong> dialog box, click <strong id="kms_01_0027__aeb0252af9db44ee19df921b021f4178a">Yes</strong> to complete the deletion.</span></li></ol>
</div>
</div>
@ -15,3 +13,10 @@
</div>
</div>
<script language="JavaScript">
<!--
image_size('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>

2
docs/kms/umn/kms_01_0028.html
View File

@ -13,7 +13,7 @@
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Key Management</a></div>
</div>
</div>

6
docs/kms/umn/kms_01_0029.html
View File

@ -4,14 +4,14 @@
<div id="body1505443293309"><div class="section" id="kms_01_0029__section24674565101656"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0029__p18702707153158">You can create grants for other users to use the CMK. You can create a maximum of 100 grants for a CMK.</p>
<p id="kms_01_0029__p5203017994825">The owner of a CMK can create a grant for the CMK on the KMS management console or by making the API calls. A user, who has been granted with the grant creation permission by the owner of the CMK, can create grants for the CMK only by making the API calls.</p>
</div>
<div class="section" id="kms_01_0029__section358224101847"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0029__ul28492197191819"><li id="kms_01_0029__li26353681191821">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0029__li57638518191819">You have obtained the user ID of the grantee (user to whom permissions are to be authorized).</li><li id="kms_01_0029__li55092727101653">The desired CMK is in <span class="parmname" id="kms_01_0029__parmname6131378695056"><b>Enabled</b></span> status.</li></ul>
<div class="section" id="kms_01_0029__section358224101847"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0029__ul28492197191819"><li id="kms_01_0029__li57638518191819">You have obtained the user ID of the grantee (user to whom permissions are to be authorized).</li><li id="kms_01_0029__li55092727101653">The desired CMK is in <span class="parmname" id="kms_01_0029__parmname6131378695056"><b>Enabled</b></span> status.</li></ul>
</div>
<div class="section" id="kms_01_0029__section679064101921"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0029__ol5071866415945"><li id="kms_01_0029__li122572361272"><span>Log in to the management console.</span></li><li id="kms_01_0029__li678575875"><span>Click <span><img id="kms_01_0029__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0029__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0029__menucascade17739112336"><b><span class="uicontrol" id="kms_01_0029__uicontrol187371523320">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0029__uicontrol1573813219310">Key Management Service</span></b></span>. The <strong id="kms_01_0029__b19740132733">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0029__li20361690151112"><span>Click the alias of the desired CMK to go to the page displaying its details. You can create grants on the <strong id="kms_01_0029__b21061287507">Grants</strong> tab page.</span><p><div class="fignone" id="kms_01_0029__fig60093886153616"><span class="figcap"><b>Figure 1 </b>Grants tab</span><br><span><img id="kms_01_0029__image948531152713" src="en-us_image_0129264287.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0029__section679064101921"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0029__ol5071866415945"><li id="kms_01_0029__li122572361272"><span>Log in to the management console.</span></li><li id="kms_01_0029__li678575875"><span>Click <span><img id="kms_01_0029__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0029__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0029__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0029__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0029__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0029__li20361690151112"><span>Click the alias of the desired CMK to go to the page displaying its details. You can create grants on the <strong id="kms_01_0029__b21061287507">Grants</strong> tab page.</span><p><div class="fignone" id="kms_01_0029__fig60093886153616"><span class="figcap"><b>Figure 1 </b>Grants tab</span><br><span><img id="kms_01_0029__image948531152713" src="en-us_image_0129264287.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0029__li204947181763"><span>Click <strong id="kms_01_0029__b84235270614570">Create Grant</strong>. The <strong id="kms_01_0029__b84235270614574">Create Grant</strong> dialog box is displayed.</span><p><div class="fignone" id="kms_01_0029__fig398977361785"><span class="figcap"><b>Figure 2 </b>Creating a grant</span><br><span><img id="kms_01_0029__image72782023182211" src="en-us_image_0000001200239309.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0029__li1702376517831"><span>In the dialog box that is displayed, enter the ID of the user to be authorized and select permissions to be granted.</span><p><div class="notice" id="kms_01_0029__note4994056394325"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="kms_01_0029__p4681188494325">A grantee can perform the authorized operations only by calling the necessary API. For details, see the <em id="kms_01_0029__i842352697151314">Key Management Service API Reference</em>.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0029__table25612854105354" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="kms_01_0029__row30007999105354"><th align="left" class="cellrowborder" valign="top" width="20.79%" id="mcps1.3.3.2.6.2.2.2.4.1.1"><p id="kms_01_0029__p65451019105354"><strong>Parameter</strong></p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0029__table25612854105354" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="kms_01_0029__row30007999105354"><th align="left" class="cellrowborder" valign="top" width="20.79%" id="mcps1.3.3.2.6.2.2.2.4.1.1"><p id="kms_01_0029__p65451019105354"><strong id="kms_01_0029__b14604193812381">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="57.769999999999996%" id="mcps1.3.3.2.6.2.2.2.4.1.2"><p id="kms_01_0029__p67041161105354"><strong id="kms_01_0029__b842352706193336">Description</strong></p>
</th>

11
docs/kms/umn/kms_01_0030.html
View File

@ -3,12 +3,12 @@
<h1 class="topictitle1">Querying a Grant</h1>
<div id="body1505443293309"><div class="section" id="kms_01_0030__section24674565101656"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0030__p30686920154716">This section describes how to view the details about a grant, such as the grant ID, grantee user ID, granted operation, and creation time.</p>
</div>
<div class="section" id="kms_01_0030__section358224101847"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0030__ul7171252191858"><li id="kms_01_0030__li1192422119190">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0030__li66641378191858">You have created a grant.</li></ul>
<div class="section" id="kms_01_0030__section358224101847"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0030__p18431117153912">You have created a grant.</p>
</div>
<div class="section" id="kms_01_0030__section63833929154647"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0030__ol1082369215493"><li id="kms_01_0030__li974624615513"><span>Log in to the management console.</span></li><li id="kms_01_0030__li678575875"><span>Click <span><img id="kms_01_0030__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0030__li3698315715493"><span>Choose <span class="menucascade" id="kms_01_0030__menucascade56823241414"><b><span class="uicontrol" id="kms_01_0030__uicontrol2680152412411">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0030__uicontrol1868120243413">Key Management Service</span></b></span>. The <strong id="kms_01_0030__b56831324047">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0030__li48982665114926"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0030__li5923770015493"><span>Information about the CMK and grants created on it are displayed, <a href="#kms_01_0030__fig26845936115420">Figure 1</a> shows example grant information.</span><p><div class="fignone" id="kms_01_0030__fig26845936115420"><a name="kms_01_0030__fig26845936115420"></a><a name="fig26845936115420"></a><span class="figcap"><b>Figure 1 </b>Querying a grant</span><br><span><img id="kms_01_0030__image1436123613283" src="en-us_image_0129264298.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0030__section63833929154647"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0030__ol1082369215493"><li id="kms_01_0030__li974624615513"><span>Log in to the management console.</span></li><li id="kms_01_0030__li678575875"><span>Click <span><img id="kms_01_0030__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0030__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0030__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0030__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0030__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0030__li48982665114926"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0030__li5923770015493"><span>Information about the CMK and grants created on it are displayed, <a href="#kms_01_0030__fig26845936115420">Figure 1</a> shows example grant information.</span><p><div class="fignone" id="kms_01_0030__fig26845936115420"><a name="kms_01_0030__fig26845936115420"></a><a name="fig26845936115420"></a><span class="figcap"><b>Figure 1 </b>Querying a grant</span><br><span><img id="kms_01_0030__image1436123613283" src="en-us_image_0129264298.png" title="Click to enlarge" class="imgResize"></span></div>
<p id="kms_01_0030__p4353064317238"><a href="#kms_01_0030__table41279785172331">Table 1</a> provides more details.</p>
<div class="tablenoborder"><a name="kms_01_0030__table41279785172331"></a><a name="table41279785172331"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0030__table41279785172331" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="kms_01_0030__row17212539172331"><th align="left" class="cellrowborder" valign="top" width="21.43%" id="mcps1.3.3.2.5.2.3.2.3.1.1"><p id="kms_01_0030__p65692410172331"><strong>Parameter</strong></p>
<div class="tablenoborder"><a name="kms_01_0030__table41279785172331"></a><a name="table41279785172331"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0030__table41279785172331" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="kms_01_0030__row17212539172331"><th align="left" class="cellrowborder" valign="top" width="21.43%" id="mcps1.3.3.2.5.2.3.2.3.1.1"><p id="kms_01_0030__p65692410172331"><strong id="kms_01_0030__b10765354103813">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="78.57%" id="mcps1.3.3.2.5.2.3.2.3.1.2"><p id="kms_01_0030__p19485008172331"><strong id="kms_01_0030__b842352706193336">Description</strong></p>
</th>
@ -34,6 +34,11 @@
<td class="cellrowborder" valign="top" width="78.57%" headers="mcps1.3.3.2.5.2.3.2.3.1.2 "><p id="kms_01_0030__p26148215172331">Creation time of the grant</p>
</td>
</tr>
<tr id="kms_01_0030__row10609184495613"><td class="cellrowborder" valign="top" width="21.43%" headers="mcps1.3.3.2.5.2.3.2.3.1.1 "><p id="kms_01_0030__p1798802601718">Operation</p>
</td>
<td class="cellrowborder" valign="top" width="78.57%" headers="mcps1.3.3.2.5.2.3.2.3.1.2 "><p id="kms_01_0030__p398862613172">Operations that can be performed on a grant. For example, you can revoke a grant.</p>
</td>
</tr>
</tbody>
</table>
</div>

6
docs/kms/umn/kms_01_0031.html
View File

@ -3,12 +3,12 @@
<h1 class="topictitle1">Revoking a Grant</h1>
<div id="body1505443293309"><div class="section" id="kms_01_0031__section1615963710458"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0031__p1970991316240">You can revoke a grant in either of the following scenarios:</p>
<ul id="kms_01_0031__ul664207016251"><li id="kms_01_0031__li6392524416251">A grantee does not need the grant. (The grantee can either tell the user who has created the grant to revoke the grant or call the necessary API to revoke the grant directly.)</li><li id="kms_01_0031__li5023619616251">You do not want the grantee to have the grant.</li></ul>
<p id="kms_01_0031__p2161801162516">When a grant is revoked, the grantee does not have the corresponding permission any more. However, if the grantee has created the same grant to another user, permission of that user will not be affected.</p>
<p id="kms_01_0031__p2161801162516">When a grant is revoked, the grantee does not have the corresponding permission anymore. However, if the grantee has created the same grant to another user, permission of that user will not be affected.</p>
<p id="kms_01_0031__p18967561162725">This section describes how to revoke a grant.</p>
</div>
<div class="section" id="kms_01_0031__section51403752104654"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0031__ul7678739104739"><li id="kms_01_0031__li48912341104739">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0031__li66393297104739">You have created a grant.</li></ul>
<div class="section" id="kms_01_0031__section51403752104654"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0031__p7347124133914">You have created a grant.</p>
</div>
<div class="section" id="kms_01_0031__section64073293104744"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0031__ol36615670104755"><li id="kms_01_0031__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0031__li678575875"><span>Click <span><img id="kms_01_0031__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0031__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0031__menucascade1697015398515"><b><span class="uicontrol" id="kms_01_0031__uicontrol89671739153">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0031__uicontrol1996813918515">Key Management Service</span></b></span>. The <strong id="kms_01_0031__b1897013394512">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0031__li32238820155013"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0031__li1913549992357"><span>In the row containing the desired grantee, click <strong id="kms_01_0031__b842352706113748">Revoke Grant</strong> in the <strong id="kms_01_0031__b842352706113752">Operation</strong> column.</span></li><li id="kms_01_0031__li61593405175249"><span>In the dialog box that is displayed, click <strong id="kms_01_0031__b842352706113758">Yes</strong>. When <strong id="kms_01_0031__b84235270611382">Grant <em id="kms_01_0031__i220065515567">grant_ID</em> revoked successfully</strong> is displayed in the upper right corner, the grant has been revoked.</span></li></ol>
<div class="section" id="kms_01_0031__section64073293104744"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0031__ol36615670104755"><li id="kms_01_0031__li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0031__li678575875"><span>Click <span><img id="kms_01_0031__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0031__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0031__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0031__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0031__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0031__li32238820155013"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0031__li1913549992357"><span>In the row containing the desired grantee, click <strong id="kms_01_0031__b842352706113748">Revoke Grant</strong> in the <strong id="kms_01_0031__b842352706113752">Operation</strong> column.</span></li><li id="kms_01_0031__li61593405175249"><span>In the dialog box that is displayed, click <strong id="kms_01_0031__b842352706113758">Yes</strong>. When <strong id="kms_01_0031__b84235270611382">Grant <em id="kms_01_0031__i220065515567">grant_ID</em> revoked successfully</strong> is displayed in the upper right corner, the grant has been revoked.</span></li></ol>
</div>
</div>
<div>

4
docs/kms/umn/kms_01_0032.html
View File

@ -12,12 +12,14 @@
</li>
<li class="ulchildlink"><strong><a href="kms_01_0035.html">Disabling One or Multiple CMKs</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0072.html">Deleting One or More CMKs</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0036.html">Canceling the Scheduled Deletion of One or Multiple CMKs</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Key Management</a></div>
</div>
</div>

4
docs/kms/umn/kms_01_0033.html
View File

@ -6,9 +6,9 @@
<div class="notice" id="kms_01_0033__note33044880142759"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><ul id="kms_01_0033__ul40265103141624"><li id="kms_01_0033__li23982646141624">A Default Master Key (the alias suffix of which is <strong id="kms_01_0033__b842352706101914">/default</strong>) does not allow alias and description changes.</li><li id="kms_01_0033__li46963407141624">The alias and description of a CMK cannot be changed if the CMK is in <strong id="kms_01_0033__b842352706114029">Pending deletion</strong> status.</li></ul>
</div></div>
</div>
<div class="section" id="kms_01_0033__section6205788316731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0033__ul66045112142835"><li id="kms_01_0033__li23157536142835">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0033__li343898133717">The CMK is in <strong id="kms_01_0033__b842352706104524">Enabled</strong>, <strong id="kms_01_0033__b842352706104528">Disabled</strong>, or <strong id="kms_01_0033__b842352706104535">Pending import</strong> status.</li></ul>
<div class="section" id="kms_01_0033__section6205788316731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0033__ul66045112142835"><li id="kms_01_0033__li343898133717">The CMK is in <strong id="kms_01_0033__b842352706104524">Enabled</strong>, <strong id="kms_01_0033__b842352706104528">Disabled</strong>, or <strong id="kms_01_0033__b842352706104535">Pending import</strong> status.</li></ul>
</div>
<div class="section" id="kms_01_0033__section4980422016839"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0033__ol493401431695"><li id="kms_01_0033__li6196260212418"><span>Log in to the management console.</span></li><li id="kms_01_0033__li678575875"><span>Click <span><img id="kms_01_0033__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0033__li60506080151049"><span>Choose <span class="menucascade" id="kms_01_0033__menucascade385635741114"><b><span class="uicontrol" id="kms_01_0033__uicontrol1854105711118">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0033__uicontrol1585655791117">Key Management Service</span></b></span>. The <strong id="kms_01_0033__b78577573116">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0033__li15943985164126"><span>Click the alias of the desired CMK. Details about the CMK are displayed.</span></li><li id="kms_01_0033__li5371042310221"><span>To change the alias or description of the CMK, click <span><img id="kms_01_0033__image49024605919" src="en-us_image_0237809858.png"></span> next to the value of <strong id="kms_01_0033__b1786913401519">Alias</strong> or <strong id="kms_01_0033__b186917401514">Description</strong>.</span><p><div class="fignone" id="kms_01_0033__fig12770609173123"><span class="figcap"><b>Figure 1 </b>CMK details</span><br><span><img id="kms_01_0033__image13635101604118" src="en-us_image_0129270877.png"></span></div>
<div class="section" id="kms_01_0033__section4980422016839"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0033__ol493401431695"><li id="kms_01_0033__li6196260212418"><span>Log in to the management console.</span></li><li id="kms_01_0033__li678575875"><span>Click <span><img id="kms_01_0033__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0033__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0033__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0033__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0033__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0033__li15943985164126"><span>Click the alias of the desired CMK. Details about the CMK are displayed.</span></li><li id="kms_01_0033__li5371042310221"><span>To change the alias or description of the CMK, click <span><img id="kms_01_0033__image49024605919" src="en-us_image_0237809858.png"></span> next to the value of <strong id="kms_01_0033__b1786913401519">Alias</strong> or <strong id="kms_01_0033__b186917401514">Description</strong>.</span><p><div class="fignone" id="kms_01_0033__fig12770609173123"><span class="figcap"><b>Figure 1 </b>CMK details</span><br><span><img id="kms_01_0033__image13635101604118" src="en-us_image_0129270877.png"></span></div>
<div class="note" id="kms_01_0033__note40200761102134"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0033__ul14145520595"><li id="kms_01_0033__li1017002035911">The alias must be 1 to 255 characters in length. Only digits, letters, underscores (_), hyphens (-), colons (:), and forward slashes (/) are allowed.</li><li id="kms_01_0033__li51618841102539">Length of the description cannot exceed 255 characters.</li></ul>
</div></div>
</p></li><li id="kms_01_0033__li5387680103145"><span>Click <span><img id="kms_01_0033__image63591145173" src="en-us_image_0237809856.png"></span> to save the changes.</span></li></ol>

6
docs/kms/umn/kms_01_0034.html
View File

@ -3,10 +3,10 @@
<h1 class="topictitle1">Enabling One or Multiple CMKs</h1>
<div id="body1469675083219"><div class="section" id="kms_01_0034__section2425549414337"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0034__p43011468103517">This section describes how to use the management console to enable one or multiple CMKs. Only enabled CMKs can be used to encrypt/decrypt data. A new CMK is in the <span class="parmname" id="kms_01_0034__parmname1893194896114022"><b>Enabled</b></span> state by default.</p>
</div>
<div class="section" id="kms_01_0034__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0034__ul6266552014741"><li id="kms_01_0034__li3179870414741">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0034__li6246975595550">The CMK you want to enable is in <span class="parmname" id="kms_01_0034__parmname4085159510145"><b>Disabled</b></span> status.</li></ul>
<div class="section" id="kms_01_0034__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0034__p16651642193718">The CMK you want to enable is in <span class="parmname" id="kms_01_0034__parmname125541055103513"><b>Disabled</b></span> status.</p>
</div>
<div class="section" id="kms_01_0034__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0034__ol562648314939"><li id="kms_01_0034__li6386227312432"><span>Log in to the management console.</span></li><li id="kms_01_0034__li678575875"><span>Click <span><img id="kms_01_0034__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0034__li31355946151120"><span>Choose <span class="menucascade" id="kms_01_0034__menucascade9236249201211"><b><span class="uicontrol" id="kms_01_0034__uicontrol17234144912122">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0034__uicontrol22351549171215">Key Management Service</span></b></span>. The <strong id="kms_01_0034__b8236144911212">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0034__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0034__uicontrol632378499548"><b>Enable</b></span>.</span><p><div class="fignone" id="kms_01_0034__fig31338843173456"><span class="figcap"><b>Figure 1 </b>Enabling one CMK</span><br><span><img id="kms_01_0034__image829512554615" src="en-us_image_0129271833.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0034__li175622714114"><span>In the dialog box that is displayed, click <strong id="kms_01_0034__b31012816443">Yes</strong> to enable the CMK.</span><p><div class="note" id="kms_01_0034__note597452812513"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0034__p79906280256">To enable multiple CMKs at a time, select them and click <strong id="kms_01_0034__b1811642162111">Enable</strong> in the upper left corner of the list.</p>
<div class="section" id="kms_01_0034__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0034__ol562648314939"><li id="kms_01_0034__li6386227312432"><span>Log in to the management console.</span></li><li id="kms_01_0034__li678575875"><span>Click <span><img id="kms_01_0034__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0034__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0034__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0034__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0034__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0034__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0034__uicontrol632378499548"><b>Enable</b></span>.</span><p><div class="fignone" id="kms_01_0034__fig31338843173456"><span class="figcap"><b>Figure 1 </b>Enabling one CMK</span><br><span><img id="kms_01_0034__image829512554615" src="en-us_image_0129271833.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0034__li175622714114"><span>In the dialog box that is displayed, click <span class="uicontrol" id="kms_01_0034__uicontrol84610315118"><b>Yes</b></span> to enable the CMK.</span><p><div class="note" id="kms_01_0034__note597452812513"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0034__p79906280256">To enable multiple CMKs at a time, select them and click <strong id="kms_01_0034__b1811642162111">Enable</strong> in the upper left corner of the list.</p>
</div></div>
</p></li></ol>
</div>

4
docs/kms/umn/kms_01_0035.html
View File

@ -6,9 +6,9 @@
<div class="note" id="kms_01_0035__note5633572415214"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0035__p3725947115214">Default Master Keys created by KMS cannot be disabled.</p>
</div></div>
</div>
<div class="section" id="kms_01_0035__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0035__ul6266552014741"><li id="kms_01_0035__li3179870414741">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0035__li6554859114841">The CMK you want to disable is in <span class="parmname" id="kms_01_0035__parmname6131378695056"><b>Enabled</b></span> status.</li></ul>
<div class="section" id="kms_01_0035__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0035__p145220486370">The CMK you want to disable is in <span class="parmname" id="kms_01_0035__parmname11216134917448"><b>Enabled</b></span> status.</p>
</div>
<div class="section" id="kms_01_0035__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0035__ol562648314939"><li id="kms_01_0035__li2265132612447"><span>Log in to the management console.</span></li><li id="kms_01_0035__li678575875"><span>Click <span><img id="kms_01_0035__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0035__li31355946151120"><span>Choose <span class="menucascade" id="kms_01_0035__menucascade350791310147"><b><span class="uicontrol" id="kms_01_0035__uicontrol85054139143">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0035__uicontrol450611136149">Key Management Service</span></b></span>. The <strong id="kms_01_0035__b1150951317147">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0035__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0035__uicontrol6078501394710"><b>Disable</b></span>.</span><p><div class="fignone" id="kms_01_0035__fig21924288145410"><span class="figcap"><b>Figure 1 </b>Disabling one CMK</span><br><span><img id="kms_01_0035__image111521653194417" src="en-us_image_0129271653.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0035__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0035__ol562648314939"><li id="kms_01_0035__li2265132612447"><span>Log in to the management console.</span></li><li id="kms_01_0035__li678575875"><span>Click <span><img id="kms_01_0035__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0035__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0035__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0035__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0035__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0035__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0035__uicontrol6078501394710"><b>Disable</b></span>.</span><p><div class="fignone" id="kms_01_0035__fig21924288145410"><span class="figcap"><b>Figure 1 </b>Disabling one CMK</span><br><span><img id="kms_01_0035__image111521653194417" src="en-us_image_0129271653.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li></ol>
</div>
</div>

6
docs/kms/umn/kms_01_0036.html
View File

@ -3,10 +3,10 @@
<h1 class="topictitle1">Canceling the Scheduled Deletion of One or Multiple CMKs</h1>
<div id="body1469675083219"><div class="section" id="kms_01_0036__section2425549414337"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0036__p38532660154140">This section describes how to use the management console to cancel the scheduled deletion of one or multiple CMKs prior to deletion execution.</p>
</div>
<div class="section" id="kms_01_0036__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0036__ul6266552014741"><li id="kms_01_0036__li3179870414741">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0036__li6554859114841">The CMK for which you want to cancel the scheduled deletion is in <span class="parmname" id="kms_01_0036__parmname34727766145027"><b>Pending deletion</b></span> status.</li></ul>
<div class="section" id="kms_01_0036__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0036__p114514595371">The CMK for which you want to cancel the scheduled deletion is in <span class="parmname" id="kms_01_0036__parmname1223163824514"><b>Pending deletion</b></span> status.</p>
</div>
<div class="section" id="kms_01_0036__section10862719153923"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0036__ol30655611153923"><li id="kms_01_0036__li45980251269"><span>Log in to the management console.</span></li><li id="kms_01_0036__li678575875"><span>Click <span><img id="kms_01_0036__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0036__li55228593151332"><span>Choose <span class="menucascade" id="kms_01_0036__menucascade6569195121510"><b><span class="uicontrol" id="kms_01_0036__uicontrol156614512158">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0036__uicontrol1556895191517">Key Management Service</span></b></span>. The <strong id="kms_01_0036__b175705518159">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0036__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0036__uicontrol59469908102821"><b>Cancel Deletion</b></span>.</span><p><div class="fignone" id="kms_01_0036__fig4631005294419"><span class="figcap"><b>Figure 1 </b>Canceling the scheduled deletion of one CMK</span><br><span><img id="kms_01_0036__image11209358174812" src="en-us_image_0129272144.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0036__li3809957712347"><span>In the displayed dialog box, click <span class="uicontrol" id="kms_01_0036__uicontrol19680141055816"><b>OK</b></span> to cancel the scheduled deletion for the CMK.</span><p><div class="p" id="kms_01_0036__p940341219310"><ul id="kms_01_0036__ul7824117318"><li id="kms_01_0036__li68201120312">If the CMK is created using imported material, its status becomes <strong id="kms_01_0036__b1103291288">Disabled</strong> after the cancelation. To enable the CMK, see <a href="kms_01_0034.html">Enabling One or Multiple CMKs</a>.</li><li id="kms_01_0036__li58211115311">If the CMK is created using imported material and no key material has been imported for it, its status becomes <strong id="kms_01_0036__b842352706145336">Pending import</strong> after the cancelation. To use the CMK, perform <a href="kms_01_0019.html">Creating CMKs Using Imported Key Material</a>.</li></ul>
<div class="section" id="kms_01_0036__section10862719153923"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0036__ol30655611153923"><li id="kms_01_0036__li45980251269"><span>Log in to the management console.</span></li><li id="kms_01_0036__li678575875"><span>Click <span><img id="kms_01_0036__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0036__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0036__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0036__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0036__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0036__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0036__uicontrol59469908102821"><b>Cancel Deletion</b></span>.</span><p><div class="fignone" id="kms_01_0036__fig4631005294419"><span class="figcap"><b>Figure 1 </b>Canceling the scheduled deletion of one CMK</span><br><span><img id="kms_01_0036__image11209358174812" src="en-us_image_0129272144.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0036__li3809957712347"><span>In the displayed dialog box, click <span class="uicontrol" id="kms_01_0036__uicontrol84610315118"><b>Yes</b></span> to cancel the scheduled deletion for the CMK.</span><p><div class="p" id="kms_01_0036__p940341219310"><ul id="kms_01_0036__ul7824117318"><li id="kms_01_0036__li5814117314">If the CMK is created using KMS generated material, its status becomes <strong id="kms_01_0036__b842352706105810">Disabled</strong> after the cancelation. To enable the CMK, see <a href="kms_01_0034.html">Enabling One or Multiple CMKs</a>.</li><li id="kms_01_0036__li68201120312">If the CMK is created using imported material, its status becomes <strong id="kms_01_0036__b861812981">Disabled</strong> after the cancelation. To enable the CMK, see <a href="kms_01_0034.html">Enabling One or Multiple CMKs</a>.</li><li id="kms_01_0036__li58211115311">If the CMK is created using imported material and no key material has been imported for it, its status becomes <strong id="kms_01_0036__b842352706145336">Pending import</strong> after the cancelation. To use the CMK, perform <a href="kms_01_0019.html">Creating CMKs Using Imported Key Material</a>.</li></ul>
<div class="note" id="kms_01_0036__note2084613245301"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0036__p79906280256">To cancel the deletion of multiple CMKs at a time, select them and click <strong id="kms_01_0036__b16372351579">Cancel Deletion</strong> in the upper left corner of the list.</p>
</div></div>
</div>

18
docs/kms/umn/kms_01_0037.html
View File

@ -8,14 +8,28 @@
</li>
<li class="ulchildlink"><strong><a href="kms_01_0074.html">What Is a Customer Master Key?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0038.html">What Is a Data Encryption Key?</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0101.html">What Are the Differences Between a Custom Key and a Default Key?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0039.html">Why Cannot I Delete a CMK Immediately?</a></strong><br>
<li class="ulchildlink"><strong><a href="kms_01_0038.html">What Is a Data Encryption Key?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0040.html">Which Cloud Services Can Use KMS for Encryption?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0093.html">Will a CMK Be Charged After It Is Scheduled to Delete?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0039.html">Why Can't I Delete a CMK Immediately?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0198.html">Is There a Limit on the Number of CMKs That I Can Create on KMS?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0106.html">What Are the Benefits of Envelope Encryption?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0102.html">Can I Export a CMK from KMS?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0107.html">How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0114.html">Can I Update CMKs Created by KMS-Generated Key Materials?</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0193.html">How Does KMS Protect My Keys?</a></strong><br>
</li>
</ul>
</div>

2
docs/kms/umn/kms_01_0039.html
View File

@ -1,6 +1,6 @@
<a name="kms_01_0039"></a><a name="kms_01_0039"></a>
<h1 class="topictitle1">Why Cannot I Delete a CMK Immediately?</h1>
<h1 class="topictitle1">Why Can't I Delete a CMK Immediately?</h1>
<div id="body8662426"><p id="kms_01_0039__a711fe33a13384f518abdeb7b5062339c">The decision to delete a CMK should be taken with caution. Before deletion, confirm that the CMK's encrypted data has all been migrated. Once the CMK is deleted, you will not be able to decrypt data with it. Therefore, KMS offers a waiting period of 7 to 1096 days for the deletion to finally take effect. On the scheduled day of deletion, the CMK will be permanently deleted. However, prior to the scheduled day, you can still cancel the deletion.</p>
</div>
<div>

8
docs/kms/umn/kms_01_0043.html
View File

@ -8,7 +8,13 @@
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0043__row1954124015428"><td class="cellrowborder" valign="top" width="36.480000000000004%" headers="mcps1.3.1.1.3.1.1 "><p id="kms_01_0043__p2054224084218">2022-09-30</p>
<tbody><tr id="kms_01_0043__row2463114112595"><td class="cellrowborder" valign="top" width="36.480000000000004%" headers="mcps1.3.1.1.3.1.1 "><p id="kms_01_0043__p146416419592">2023-06-15</p>
</td>
<td class="cellrowborder" valign="top" width="63.519999999999996%" headers="mcps1.3.1.1.3.1.2 "><p id="kms_01_0043__p1546524118599">This is the nineteenth official release.</p>
<p id="kms_01_0043__p158312061005">Added section "How Does KMS Protect My Keys?"</p>
</td>
</tr>
<tr id="kms_01_0043__row1954124015428"><td class="cellrowborder" valign="top" width="36.480000000000004%" headers="mcps1.3.1.1.3.1.1 "><p id="kms_01_0043__p2054224084218">2022-09-30</p>
</td>
<td class="cellrowborder" valign="top" width="63.519999999999996%" headers="mcps1.3.1.1.3.1.2 "><p id="kms_01_0043__p17544540124210">This issue is the eighteenth official release.</p>
<p id="kms_01_0043__p20158310144319">Optimized the content in section "Creating a Custom KMS Policy".</p>

12
docs/kms/umn/kms_01_0045.html
View File

@ -1,17 +1,23 @@
<a name="kms_01_0045"></a><a name="kms_01_0045"></a>
<h1 class="topictitle1">About KMS</h1>
<h1 class="topictitle1">Key Management</h1>
<div id="body39451090"></div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="kms_01_0003.html">Concepts</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0046.html">Application Scenarios</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0047.html">Functions</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0100.html">Product Advantages</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0046.html">Application Scenarios</a></strong><br>
</li>
<li class="ulchildlink"><strong><a href="kms_01_0013.html">Accessing and Using KMS</a></strong><br>
</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0109.html">Service Overview</a></div>
</div>
</div>

8
docs/kms/umn/kms_01_0046.html
View File

@ -4,11 +4,11 @@
<div id="body1469781462618"><p id="kms_01_0046__p891317296123">KMS can manage CMKs used for data encryption and decryption in Object Storage Service (OBS), Elastic Volume Service (EVS), Image Management Service (IMS), Scalable File Service (SFS), Relational Database Service (RDS), and user applications.</p>
<ul id="kms_01_0046__ul66832552113050"><li id="kms_01_0046__li4779579016456">For OBS, KMS applies to object encryption on OBS.<div class="note" id="kms_01_0046__note1363112116456"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p5557123316456">OBS is an object-based storage service that provides customers with massive, secure, reliable, and cost-effective data storage capabilities, including but not limited to bucket creation, modification, deletion, and management, as well as object upload, download, deletion, and general management. OBS can store all file types, and is suitable for individual subscribers, websites, enterprises, and developers. For more information about OBS, see <i><cite id="kms_01_0046__cite42321522103114">Object Storage Service User Guide</cite></i>.</p>
</div></div>
</li><li id="kms_01_0046__li41042797154053">For EVS, KMS applies to data encryption in EVS disks.<div class="note" id="kms_01_0046__note56754682154053"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p41030094154053">Based on a distributed architecture, an EVS disk is a virtual block storage device that can be elastically scaled up and down. EVS disks can be operated online. Using them is the same as using common server hard disks. Compared with traditional hard disks, EVS disks have higher data reliability and I/O throughput and are easier to use. EVS disks can be used in file systems, databases, and system software applications that require block storage devices. For more information about EVS, see the <em id="kms_01_0046__i1266153154">Elastic Volume Service User Guide</em>.</p>
</li><li id="kms_01_0046__li41042797154053">For EVS, KMS applies to data encryption in EVS disks.<div class="note" id="kms_01_0046__note56754682154053"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p41030094154053">Based on a distributed architecture, an EVS disk is a virtual block storage device that can be elastically scaled up and down. EVS disks can be operated online. Using them is the same as using common server hard disks. Compared with traditional hard disks, EVS disks have higher data reliability and I/O throughput and are easier to use. EVS disks can be used in file systems, databases, and system software applications that require block storage devices. For more information about EVS, see the <em id="kms_01_0046__i628588637">Elastic Volume Service User Guide</em>.</p>
</div></div>
</li><li id="kms_01_0046__li2913529515562">For IMS, KMS applies to the creation of encrypted private images.<div class="note" id="kms_01_0046__note3322931715562"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p3062839815562">IMS provides easy-to-use self-service image management functions. You can apply for a cloud server using either a private image or a public image. You can also create a private image using an existing ECS or an external image file. For more information about IMS, see the <em id="kms_01_0046__i1279468585">Image Management Service User Guide</em>.</p>
</li><li id="kms_01_0046__li2913529515562">For IMS, KMS applies to the creation of encrypted private images.<div class="note" id="kms_01_0046__note3322931715562"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p3062839815562">IMS provides easy-to-use self-service image management functions. You can apply for a cloud server using either a private image or a public image. You can also create a private image using an existing ECS or an external image file. For more information about IMS, see the <em id="kms_01_0046__i1646992024">Image Management Service User Guide</em>.</p>
</div></div>
</li><li id="kms_01_0046__li1385511009">For SFS, KMS applies to data encryption for files in SFS.<div class="note" id="kms_01_0046__note8512191501"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p11614192006">SFS provides high-performance file storage that is scalable on demand. It can be shared with multiple cloud servers. For more information, see the <em id="kms_01_0046__i676755579">Scalable File Service User Guide</em>.</p>
</li><li id="kms_01_0046__li1385511009">For SFS, KMS applies to data encryption for files in SFS.<div class="note" id="kms_01_0046__note8512191501"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p11614192006">SFS provides high-performance file storage that is scalable on demand. It can be shared with multiple cloud servers. For more information, see the <em id="kms_01_0046__i842352697113125">Scalable File Service User Guide</em>.</p>
</div></div>
</li><li id="kms_01_0046__li1569325073410">For RDS, KMS applies to disk encryption in RDS database instances.<div class="note" id="kms_01_0046__note069310505348"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0046__p269465053417">RDS is an online relational database service based on the cloud computing platform. RDS is out-of-box, reliable, scalable, and easy to manage. For more information about RDS, see the <i><cite id="kms_01_0046__cite03137fa2268949598d9c922e1790d42f152128">Relational Database Service User Guide</cite></i>.</p>
</div></div>
@ -19,7 +19,7 @@
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">About KMS</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">Key Management</a></div>
</div>
</div>

6
docs/kms/umn/kms_01_0047.html
View File

@ -2,16 +2,16 @@
<h1 class="topictitle1">Functions</h1>
<div id="body1481523501204"><p id="kms_01_0047__p6043545165424">KMS provides the following functions:</p>
<ul id="kms_01_0047__ul40402072171047"><li id="kms_01_0047__li26580381651">Manages CMKs.<div class="p" id="kms_01_0047__p17113165115514"><a name="kms_01_0047__li26580381651"></a><a name="li26580381651"></a>Using the KMS console or APIs, you can perform the following operations on CMKs:<ul id="kms_01_0047__ul19800759115514"><li id="kms_01_0047__li43989104115514">Creating, querying, enabling, disabling, scheduling the deletion of, and canceling the deletion of CMKs</li><li id="kms_01_0047__li1461824912399">Importing CMKs and deleting CMK material</li><li id="kms_01_0047__li39393643115514">Modifying the aliases and description of CMKs</li><li id="kms_01_0047__li62557242115539">Creating, querying, and revoking a grant</li><li id="kms_01_0047__li856936911569">Adding, searching for, editing, and deleting tags</li><li id="kms_01_0047__li75682417531">Enabling key rotation</li></ul>
<ul id="kms_01_0047__ul40402072171047"><li id="kms_01_0047__li26580381651">Manages CMKs.<div class="p" id="kms_01_0047__p12735113218"><a name="kms_01_0047__li26580381651"></a><a name="li26580381651"></a>Using the KMS console or APIs, you can perform the following operations on CMKs:<ul id="kms_01_0047__ul14739173211"><li id="kms_01_0047__li1973716321">Creating, querying, enabling, disabling, scheduling the deletion of, and canceling the deletion of CMKs</li><li id="kms_01_0047__li8737123219">Importing CMKs and deleting CMK material</li><li id="kms_01_0047__li1373113323">Modifying the aliases and description of CMKs</li></ul>
</div>
</li></ul>
<ul id="kms_01_0047__ul58675301115522"><li id="kms_01_0047__li30330866154932">Creates, encrypts, and decrypts DEKs, and retires a grant on a CMK.<p id="kms_01_0047__p108193817393"><a name="kms_01_0047__li30330866154932"></a><a name="li30330866154932"></a>By calling APIs, you can create, encrypt, and decrypt DEKs, and retire a grant on a CMK. For details, see the <em id="kms_01_0047__i722116227104054">Key Management Service API Reference</em>.</p>
</li><li id="kms_01_0047__li5194142719059">Generates hardware true random numbers.<p id="kms_01_0047__p6010946219236"><a name="kms_01_0047__li5194142719059"></a><a name="li5194142719059"></a>You can generate 512-bit hardware true random numbers using a KMS API. The 512-bit hardware true random numbers can be used as or serve as basis for keys and encryption parameters. For details, see the <em id="kms_01_0047__i1199845955143133">Key Management Service API Reference</em>.</p>
</li><li id="kms_01_0047__li5194142719059">Generates hardware true random numbers.<p id="kms_01_0047__p6010946219236"><a name="kms_01_0047__li5194142719059"></a><a name="li5194142719059"></a>You can generate 512-bit hardware true random numbers using a KMS API. The 512-bit hardware true random numbers can be used as or serve as basis for keys and encryption parameters. For details, see the .</p>
</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">About KMS</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">Key Management</a></div>
</div>
</div>

26
docs/kms/umn/kms_01_0054.html
View File

@ -1,34 +1,34 @@
<a name="kms_01_0054"></a><a name="kms_01_0054"></a>
<h1 class="topictitle1">Overview</h1>
<div id="body1520999169510"><p id="kms_01_0054__p1183551901913">A CMK contains key metadata (key ID, key alias, description, key status, and creation date) and the key material used for encrypting and decrypting data.</p>
<ul id="kms_01_0054__ul196371206443"><li id="kms_01_0054__li8637820154417">When a user uses the KMS Console to create a CMK, the KMS automatically generates a key material for the CMK.</li><li id="kms_01_0054__li19637920164412">If you want to use your own key material, you can use the key import function on KMS Console to create a CMK whose key material is empty, and import the key material to the CMK.</li></ul>
<div class="section" id="kms_01_0054__section45818511344"><h4 class="sectiontitle">Important Notes</h4><ul id="kms_01_0054__ul787012593611"><li id="kms_01_0054__li13253317211">Security<p id="kms_01_0054__p132521740923"><a name="kms_01_0054__li13253317211"></a><a name="li13253317211"></a>You need to ensure that random sources meet your security requirements when using them to generate key material. When using the import key function, you need to be responsible for the security of your key material. Save the original backup of the key material so that the backup key material can be imported to the KMS in time when the key material is deleted accidentally.</p>
</li><li id="kms_01_0054__li168685515363">Availability and Durability<p id="kms_01_0054__p4148158173618"><a name="kms_01_0054__li168685515363"></a><a name="li168685515363"></a>Before importing the key material into KMS, you need to ensure the availability and durability of the key material.</p>
<p id="kms_01_0054__p4404310193620">Differences between the imported key material and the key material generated by KMS are shown in <a href="#kms_01_0054__table1433519477126">Table 1</a>.</p>
<div id="body8662426"><div class="p" id="kms_01_0054__en-us_topic_0112947572_a3bf9ffe5da1149078cea14a21c0a8369">A custom key contains key metadata (key ID, key alias, description, key status, and creation date) and key materials used for encrypting and decrypting data.<ul id="kms_01_0054__en-us_topic_0112947572_ud577747dd3f642008cae98c326cfb97d"><li id="kms_01_0054__en-us_topic_0112947572_l0aff38ddb542410a9f2a4416f32169e7">When a user uses the KMS console to create a custom key, the KMS automatically generates a key material for the custom key.</li><li id="kms_01_0054__en-us_topic_0112947572_l325fefd364fa4fcb896ba0e6cb426793">If you want to use your own key material, you can use the key import function on the KMS console to create a custom key whose key material is empty, and import the key material to the custom key.</li></ul>
</div>
<div class="section" id="kms_01_0054__en-us_topic_0112947572_s3f753595a83247f2893dd5dd1ddc46e5"><a name="kms_01_0054__en-us_topic_0112947572_s3f753595a83247f2893dd5dd1ddc46e5"></a><a name="en-us_topic_0112947572_s3f753595a83247f2893dd5dd1ddc46e5"></a><h4 class="sectiontitle">Important Notes</h4><ul id="kms_01_0054__en-us_topic_0112947572_ud3274b20df7b4eabaf205162782ca8d6"><li id="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_li13253317211">Security<p id="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_p132521740923"><a name="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_li13253317211"></a><a name="en-us_topic_0112947572_en-us_topic_0101786406_li13253317211"></a>You need to ensure that random sources meet your security requirements when using them to generate key materials. When using the import key function, you need to be responsible for the security of your key materials. Save the original backup of the key material so that the backup key material can be imported to the KMS in time when the key material is deleted accidentally.</p>
</li><li id="kms_01_0054__en-us_topic_0112947572_l674baad78a804a0982db57d1f2aa53ba">Availability and Durability<p id="kms_01_0054__en-us_topic_0112947572_a6d391f1d7a3842b0b4013ff63d429458"><a name="kms_01_0054__en-us_topic_0112947572_l674baad78a804a0982db57d1f2aa53ba"></a><a name="en-us_topic_0112947572_l674baad78a804a0982db57d1f2aa53ba"></a>Before importing the key material into KMS, you need to ensure the availability and durability of the key material.</p>
<p id="kms_01_0054__en-us_topic_0112947572_a2fa51adf5ba84201875e17e287a4d1b9">Differences between the imported key material and the key material generated by KMS are shown in <a href="#kms_01_0054__en-us_topic_0112947572_t487a5cf584df41c0ae6cb48067f92643">Table 1</a>.</p>
<div class="tablenoborder"><a name="kms_01_0054__table1433519477126"></a><a name="table1433519477126"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0054__table1433519477126" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Differences between the imported key material and the key material generated by KMS</caption><thead align="left"><tr id="kms_01_0054__row433564761219"><th align="left" class="cellrowborder" valign="top" width="14.000000000000002%" id="mcps1.3.3.2.2.3.2.3.1.1"><p id="kms_01_0054__p433534731217">Key Material Source</p>
<div class="tablenoborder"><a name="kms_01_0054__en-us_topic_0112947572_t487a5cf584df41c0ae6cb48067f92643"></a><a name="en-us_topic_0112947572_t487a5cf584df41c0ae6cb48067f92643"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0054__en-us_topic_0112947572_t487a5cf584df41c0ae6cb48067f92643" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Differences between the imported key material and the key material generated by KMS</caption><thead align="left"><tr id="kms_01_0054__en-us_topic_0112947572_r90c9721328be4eeab210f7fb6240a32e"><th align="left" class="cellrowborder" valign="top" width="14.000000000000002%" id="mcps1.3.2.2.2.3.2.3.1.1"><p id="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_p433534731217">Key Material Source</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="86%" id="mcps1.3.3.2.2.3.2.3.1.2"><p id="kms_01_0054__p1533534711216">Difference</p>
<th align="left" class="cellrowborder" valign="top" width="86%" id="mcps1.3.2.2.2.3.2.3.1.2"><p id="kms_01_0054__en-us_topic_0112947572_a989d845859b1494da679ecdc4bc54116">Difference</p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0054__row83351447111218"><td class="cellrowborder" valign="top" width="14.000000000000002%" headers="mcps1.3.3.2.2.3.2.3.1.1 "><p id="kms_01_0054__p38838794154627">CMKs using the imported key material</p>
<tbody><tr id="kms_01_0054__en-us_topic_0112947572_r1872f0be6bc04a2f8d94d6c533da36d7"><td class="cellrowborder" valign="top" width="14.000000000000002%" headers="mcps1.3.2.2.2.3.2.3.1.1 "><p id="kms_01_0054__en-us_topic_0112947572_ab761a560838a44c0b3140ad1796a87cf">Imported keys</p>
</td>
<td class="cellrowborder" valign="top" width="86%" headers="mcps1.3.3.2.2.3.2.3.1.2 "><ul id="kms_01_0054__ul1891815542265"><li id="kms_01_0054__li2080104855010">You can delete the key material, but cannot delete the CMK and its metadata.</li><li id="kms_01_0054__li20605183916558">When importing the key material, you can set the expiration time of the key material. After the key material expires, the KMS automatically deletes the key material within 24 hours, but does not delete the CMK and its metadata.<p id="kms_01_0054__p2606539135511"><a name="kms_01_0054__li20605183916558"></a><a name="li20605183916558"></a>It is recommended that you save a copy of the material on your local device because it may be used for re-import in cases of invalid key material or unintended deletion of key material.</p>
<td class="cellrowborder" valign="top" width="86%" headers="mcps1.3.2.2.2.3.2.3.1.2 "><ul id="kms_01_0054__en-us_topic_0112947572_u6dd1140bd0294c38afc239874611f83f"><li id="kms_01_0054__en-us_topic_0112947572_la57f71ffd3d94cadba25791f9f02e414">You can delete the key material, but cannot delete the custom key and its metadata.</li><li id="kms_01_0054__en-us_topic_0112947572_li1535315448478">Such keys cannot be rotated.</li><li id="kms_01_0054__en-us_topic_0112947572_l85dd12b5d0bd47448c8266543bee9868">When importing the key material, you can set the expiration time of the key material. After the key material expires, the KMS automatically deletes the key material within 24 hours, but does not delete the custom key and its metadata.<p id="kms_01_0054__en-us_topic_0112947572_a1e5fe1dc513b490a959e81a5d97dda34"><a name="kms_01_0054__en-us_topic_0112947572_l85dd12b5d0bd47448c8266543bee9868"></a><a name="en-us_topic_0112947572_l85dd12b5d0bd47448c8266543bee9868"></a>It is recommended that you save a copy of the material on your local device because it may be used for re-import in cases of invalid key materials or key material mis-deletion.</p>
</li></ul>
</td>
</tr>
<tr id="kms_01_0054__row633524781210"><td class="cellrowborder" valign="top" width="14.000000000000002%" headers="mcps1.3.3.2.2.3.2.3.1.1 "><p id="kms_01_0054__p13649906154627">CMKs using KMS generated key material</p>
<tr id="kms_01_0054__en-us_topic_0112947572_r580413ae2f4149f18e7aaab8074b298d"><td class="cellrowborder" valign="top" width="14.000000000000002%" headers="mcps1.3.2.2.2.3.2.3.1.1 "><p id="kms_01_0054__en-us_topic_0112947572_a55f2428af3404bb89e9549a7825204f6">Keys created in KMS</p>
</td>
<td class="cellrowborder" valign="top" width="86%" headers="mcps1.3.3.2.2.3.2.3.1.2 "><ul id="kms_01_0054__ul462610575262"><li id="kms_01_0054__li79056018521">The key material cannot be manually deleted.</li><li id="kms_01_0054__li1390312432559">You cannot set the expiration time for key material.</li></ul>
<td class="cellrowborder" valign="top" width="86%" headers="mcps1.3.2.2.2.3.2.3.1.2 "><ul id="kms_01_0054__en-us_topic_0112947572_uab11f372242646fdb6d9fb6f30e9901d"><li id="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_li79056018521">The key material cannot be manually deleted.</li><li id="kms_01_0054__en-us_topic_0112947572_li751664617557">Symmetric keys can be rotated.</li><li id="kms_01_0054__en-us_topic_0112947572_l80438789b1cb4d9d9dd755e506d31990">You cannot set the expiration time for key material.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="kms_01_0054__li198702052369">Association<p id="kms_01_0054__p176231415183617"><a name="kms_01_0054__li198702052369"></a><a name="li198702052369"></a>When a key material is imported to a CMK, the CMK is permanently associated with the key material. Other key material cannot be imported into the CMK.</p>
</li><li id="kms_01_0054__li08709523619">Uniqueness<p id="kms_01_0054__p9654016103617"><a name="kms_01_0054__li08709523619"></a><a name="li08709523619"></a>If you use the CMK created using the imported key material to encrypt data, the encrypted data can be decrypted only by the CMK that has been used to encrypt the data, because the metadata and key material of the CMK must be consistent.</p>
</li><li id="kms_01_0054__en-us_topic_0112947572_l2d3f4af160f54d55a869aa125a3ba7be">Association<p id="kms_01_0054__en-us_topic_0112947572_a30ade659a392407480bee44e6dc0bf17"><a name="kms_01_0054__en-us_topic_0112947572_l2d3f4af160f54d55a869aa125a3ba7be"></a><a name="en-us_topic_0112947572_l2d3f4af160f54d55a869aa125a3ba7be"></a>When a key material is imported to a custom key, the custom key is permanently associated with the key material. Other key materials cannot be imported into the custom key.</p>
</li><li id="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_li08709523619">Uniqueness<p id="kms_01_0054__en-us_topic_0112947572_a4fdfcb6e78de4a8ba91bed09b69594be"><a name="kms_01_0054__en-us_topic_0112947572_en-us_topic_0101786406_li08709523619"></a><a name="en-us_topic_0112947572_en-us_topic_0101786406_li08709523619"></a>If you use the custom key created using the imported key material to encrypt data, the encrypted data can be decrypted only by the custom key that has been used to encrypt the data, because the metadata and key material of the custom key must be consistent.</p>
</li></ul>
</div>
</div>

87
docs/kms/umn/kms_01_0055.html
View File

File diff suppressed because it is too large Load Diff

12
docs/kms/umn/kms_01_0072.html
View File

@ -1,25 +1,25 @@
<a name="kms_01_0072"></a><a name="kms_01_0072"></a>
<h1 class="topictitle1">Scheduling the Deletion of One or Multiple CMKs</h1>
<h1 class="topictitle1">Deleting One or More CMKs</h1>
<div id="body1469675083219"><div class="section" id="kms_01_0072__section2425549414337"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0072__p129527114341">This section describes how to use the management console to schedule the deletion of one or multiple unwanted CMKs.</p>
<p id="kms_01_0072__p17389162101454">If deletion is scheduled for a CMK, the deletion will not take effect immediately. Instead, it will take effect after a waiting period of 7 to 1096 days. Before the specified deletion date, you can cancel the deletion if you want to use the CMK. Once the scheduled deletion has taken effect, the CMK will be deleted permanently and you will not be able to decrypt data encrypted by it. Therefore, you are advised to exercise caution when performing this operation.</p>
<p id="kms_01_0072__p42143501101111">Before deleting the CMK, confirm that it is not in use and will not be used.</p>
<ul id="kms_01_0072__ul5094051912748"><li id="kms_01_0072__li3525360112757">You can configure the SMN notification function to receive notifications when OBS fails to use the CMK to decrypt data before the deletion date. If you want to use the CMK again, cancel its deletion on the console. For SMN configuration instructions, see <a href="kms_01_0021.html">Configuring SMN</a>.</li><li id="kms_01_0072__li5663020512748">You can choose <span class="menucascade" id="kms_01_0072__menucascade23621933518283"><b><span class="uicontrol" id="kms_01_0072__uicontrol29602172618283">Storage</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__uicontrol197918867918283">Elastic Volume Service</span></b></span> to go to the EVS page. In the search bar, select <strong id="kms_01_0072__b842352706182911">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by EVS.</li><li id="kms_01_0072__li3419946512748">You can choose <strong id="kms_01_0072__b842352706153735">Computing</strong> &gt; <strong id="kms_01_0072__b842352706153742">Image Management Service</strong> to go to the IMS page. Select the <strong id="kms_01_0072__b84235270618341">Private Image</strong> tab. In the search bar, select <strong id="kms_01_0072__b2134265244183035">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by IMS.</li><li id="kms_01_0072__li551293117176">You can choose <span class="menucascade" id="kms_01_0072__menucascade1587893732"><b><span class="uicontrol" id="kms_01_0072__uicontrol1436694204">Storage</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__uicontrol2054834692">Scalable File Service</span></b></span> to go to the SFS page. In the search bar, select <strong id="kms_01_0072__b421570497">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by SFS.</li><li id="kms_01_0072__li1255401214315">You can choose <strong id="kms_01_0072__b535654016213">Database</strong> &gt; <strong id="kms_01_0072__b18945193692111">Relational Database Service</strong> to view the database instance list, and click the name of the target database instance. On the details page of the database instance, check whether the key to be deleted is in use.</li></ul>
<ul id="kms_01_0072__ul5094051912748"><li id="kms_01_0072__li3525360112757">You can configure the SMN notification function to receive notifications when OBS fails to use the CMK to decrypt data before the deletion date. If you want to use the CMK again, cancel its deletion on the console. For SMN configuration instructions, see <a href="kms_01_0021.html">Configuring SMN</a>.</li><li id="kms_01_0072__li5663020512748">You can choose <span class="menucascade" id="kms_01_0072__menucascade23621933518283"><b><span class="uicontrol" id="kms_01_0072__uicontrol29602172618283">Storage</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__uicontrol197918867918283">Elastic Volume Service</span></b></span> to go to the EVS page. In the search bar, select <strong id="kms_01_0072__b842352706182911">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by EVS.</li><li id="kms_01_0072__li3419946512748">You can choose <strong id="kms_01_0072__b842352706153735">Computing</strong> &gt; <strong id="kms_01_0072__b842352706153742">Image Management Service</strong> to go to the IMS page. Select the <strong id="kms_01_0072__b84235270618341">Private Image</strong> tab. In the search bar, select <strong id="kms_01_0072__b2134265244183035">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by IMS.</li><li id="kms_01_0072__li551293117176">You can choose <span class="menucascade" id="kms_01_0072__menucascade1385807629"><b><span class="uicontrol" id="kms_01_0072__uicontrol700467742">Storage</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__uicontrol59620836">Scalable File Service</span></b></span> to go to the SFS page. In the search bar, select <strong id="kms_01_0072__b1950395181">KMS key ID</strong> and enter the CMK ID to check whether the CMK to be deleted is being used by SFS.</li><li id="kms_01_0072__li1255401214315">You can choose <strong id="kms_01_0072__b535654016213">Database</strong> &gt; <strong id="kms_01_0072__b18945193692111">Relational Database Service</strong> to view the database instance list, and click the name of the target database instance. On the details page of the database instance, check whether the key to be deleted is in use.</li></ul>
<div class="note" id="kms_01_0072__note5633572415214"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0072__p59217387185318">Default Master Keys created by KMS cannot be scheduled for deletion.</p>
</div></div>
</div>
<div class="section" id="kms_01_0072__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0072__ul6266552014741"><li id="kms_01_0072__li3179870414741">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0072__li5865151519387">The CMK to be deleted is in <strong id="kms_01_0072__b842352706181244">Enabled</strong>, <strong id="kms_01_0072__b842352706181247">Disabled</strong>, or <strong id="kms_01_0072__b842352706181251">Pending Import</strong> status.</li></ul>
<div class="section" id="kms_01_0072__section2256777914731"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0072__ul6266552014741"><li id="kms_01_0072__li5865151519387">The CMK to be deleted is in <strong id="kms_01_0072__b842352706181244">Enabled</strong>, <strong id="kms_01_0072__b842352706181247">Disabled</strong>, or <strong id="kms_01_0072__b842352706181251">Pending Import</strong> status.</li></ul>
</div>
<div class="section" id="kms_01_0072__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0072__ol562648314939"><li id="kms_01_0072__li2007423012516"><span>Log in to the management console.</span></li><li id="kms_01_0072__li678575875"><span>Click <span><img id="kms_01_0072__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0072__li50815416151229"><span>Choose <span class="menucascade" id="kms_01_0072__menucascade146418505578"><b><span class="uicontrol" id="kms_01_0072__uicontrol1462450135719">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__uicontrol1364750175718">Key Management Service</span></b></span>. The <strong id="kms_01_0072__b767195012578">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0072__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0072__uicontrol31776200101549"><b>Delete</b></span>.</span><p><div class="fignone" id="kms_01_0072__fig60323275152858"><span class="figcap"><b>Figure 1 </b>Scheduling the deletion for one CMK</span><br><span><img id="kms_01_0072__image735016744814" src="en-us_image_0210227196.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0072__section2756238314925"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0072__ol562648314939"><li id="kms_01_0072__li2007423012516"><span>Log in to the management console.</span></li><li id="kms_01_0072__li678575875"><span>Click <span><img id="kms_01_0072__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0072__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0072__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0072__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0072__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0072__li49567148141429"><span>In the row containing the desired CMK, click <span class="uicontrol" id="kms_01_0072__uicontrol31776200101549"><b>Delete</b></span>.</span><p><div class="fignone" id="kms_01_0072__fig60323275152858"><span class="figcap"><b>Figure 1 </b>Scheduling the deletion for one CMK</span><br><span><img id="kms_01_0072__image735016744814" src="en-us_image_0210227196.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0072__li23509077163436"><span>In the dialog box that is displayed, enter the number of days after which you want the deletion to take effect.</span><p><div class="fignone" id="kms_01_0072__fig1174078175555"><span class="figcap"><b>Figure 2 </b>Scheduling a deletion time</span><br><span><img id="kms_01_0072__image1599131515105" src="en-us_image_0129104183.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0072__li2653135415817"><span>Click <strong id="kms_01_0072__b1518317554323">Yes</strong> to schedule the deletion.</span><p><div class="note" id="kms_01_0072__note0393647194210"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0072__p1739424714215">To delete multiple CMKs at a time, select them and click <strong id="kms_01_0072__b1141125981418">Delete</strong> in the upper left corner of the list.</p>
</p></li><li id="kms_01_0072__li2653135415817"><span>Click <span class="uicontrol" id="kms_01_0072__uicontrol84610315118"><b>Yes</b></span> to schedule the deletion.</span><p><div class="note" id="kms_01_0072__note0393647194210"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0072__p1739424714215">To delete multiple CMKs at a time, select them and click <strong id="kms_01_0072__b1141125981418">Delete</strong> in the upper left corner of the list.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0018.html">Management</a></div>
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0032.html">Managing CMKs</a></div>
</div>
</div>

35
docs/kms/umn/kms_01_0074.html
View File

@ -2,6 +2,41 @@
<h1 class="topictitle1">What Is a Customer Master Key?</h1>
<div id="body8662426"><p id="kms_01_0074__en-us_topic_0035099206_p8060118">A Customer Master Key (CMK) is a Key Encryption Key (KEK) created by a user using KMS. It is used to encrypt and protect Data Encryption Keys (DEKs). One CMK can be used to encrypt one or multiple DEKs.</p>
<div class="p" id="kms_01_0074__p127610196502">CMKs are categorized into custom keys and default keys.<ul id="kms_01_0074__ul1875994575019"><li id="kms_01_0074__li147591145115017">Custom keys<p id="kms_01_0074__p988775013500"><a name="kms_01_0074__li147591145115017"></a><a name="li147591145115017"></a>Keys created or imported by users on the KMS console.</p>
</li><li id="kms_01_0074__li1875934520501">Default keys<p id="kms_01_0074__p20959752125018"><a name="kms_01_0074__li1875934520501"></a><a name="li1875934520501"></a>When a user uses KMS for encryption in a cloud service for the first time, the cloud service automatically creates a key with the alias suffix <strong id="kms_01_0074__b187555136963932">/default</strong>.</p>
<p id="kms_01_0074__p37369926114355">On the KMS console, you can query Default Master Keys, but can neither disable them nor schedule their deletion.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0074__table42686454104828" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Default Master Keys</caption><thead align="left"><tr id="kms_01_0074__row59355676104828"><th align="left" class="cellrowborder" valign="top" width="26.5%" id="mcps1.3.2.1.2.3.2.3.1.1"><p id="kms_01_0074__p58543282104828">Alias</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="73.5%" id="mcps1.3.2.1.2.3.2.3.1.2"><p id="kms_01_0074__p66197698104828">Cloud Service</p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0074__row53124038104828"><td class="cellrowborder" valign="top" width="26.5%" headers="mcps1.3.2.1.2.3.2.3.1.1 "><p id="kms_01_0074__p22934402104828">obs/default</p>
</td>
<td class="cellrowborder" valign="top" width="73.5%" headers="mcps1.3.2.1.2.3.2.3.1.2 "><p id="kms_01_0074__p66818200104828">Object Storage Service (OBS)</p>
</td>
</tr>
<tr id="kms_01_0074__row42389301274"><td class="cellrowborder" valign="top" width="26.5%" headers="mcps1.3.2.1.2.3.2.3.1.1 "><p id="kms_01_0074__en-us_topic_0112947594_p41471516104828">evs/default</p>
</td>
<td class="cellrowborder" valign="top" width="73.5%" headers="mcps1.3.2.1.2.3.2.3.1.2 "><p id="kms_01_0074__en-us_topic_0112947594_p65102400104828">Elastic Volume Service (EVS)</p>
</td>
</tr>
<tr id="kms_01_0074__row2311958917544"><td class="cellrowborder" valign="top" width="26.5%" headers="mcps1.3.2.1.2.3.2.3.1.1 "><p id="kms_01_0074__p6074740317544">ims/default</p>
</td>
<td class="cellrowborder" valign="top" width="73.5%" headers="mcps1.3.2.1.2.3.2.3.1.2 "><p id="kms_01_0074__p2159264717544">Image Management Service (IMS)</p>
</td>
</tr>
<tr id="kms_01_0074__row20537184217141"><td class="cellrowborder" valign="top" width="26.5%" headers="mcps1.3.2.1.2.3.2.3.1.1 "><p id="kms_01_0074__p165084781416">sfs/default</p>
</td>
<td class="cellrowborder" valign="top" width="73.5%" headers="mcps1.3.2.1.2.3.2.3.1.2 "><p id="kms_01_0074__p106501847101420">Scalable File Service (SFS)</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">

64
docs/kms/umn/kms_01_0094.html
View File

@ -1,48 +1,68 @@
<a name="kms_01_0094"></a><a name="kms_01_0094"></a>
<h1 class="topictitle1">Context</h1>
<div id="body1574061937025"><p id="kms_01_0094__aa5af4eb2641b4f43aba31e9ac960ec9a">Security risks exist when a DEK is extensively and repeatedly used. For security purposes, you can configure KMS to create new key materials for the CMK.</p>
<p id="kms_01_0094__aa806569c9d7e43899ae969a3cfc34023">New key materials can be created in two methods:</p>
<ul id="kms_01_0094__u0a6147d914914f238d3509820348aba0"><li id="kms_01_0094__li13491113211416">Manual key rotation<div class="p" id="kms_01_0094__p84513331644"><a name="kms_01_0094__li13491113211416"></a><a name="li13491113211416"></a>Create a CMK on the KMS management console to replace the original CMK.<div class="note" id="kms_01_0094__note117317431416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0094__p71741243164113">If cloud services (such as OBS) use a CMK to encrypt and decrypt data, you need to create a new CMK on the KMS management console and replace the original one used for KMS encryption on OBS Console.</p>
<h1 class="topictitle1">Key Rotation Overview</h1>
<div id="body1574061937025"><div class="section" id="kms_01_0094__section142633107512"><h4 class="sectiontitle">Purpose of Key Rotation</h4><p id="kms_01_0094__en-us_topic_0112947556_p74131058201912">Keys that are widely or repeatedly used are insecure. To enhance the security of encryption keys, you are advised to periodically rotate keys and change their key materials.</p>
<p id="kms_01_0094__en-us_topic_0112947556_aa5af4eb2641b4f43aba31e9ac960ec9a">The purposes of key rotation are:</p>
<ul id="kms_01_0094__en-us_topic_0112947556_ul1363191145212"><li id="kms_01_0094__en-us_topic_0112947556_li1963118116524">To reduce the amount of data encrypted by each key.<p id="kms_01_0094__en-us_topic_0112947556_p46311212524"><a name="kms_01_0094__en-us_topic_0112947556_li1963118116524"></a><a name="en-us_topic_0112947556_li1963118116524"></a>A key will be insecure if it is used to encrypt a huge number of data. The amount of data encrypted a key refers to the total number of bytes or messages encrypted using the key.</p>
</li><li id="kms_01_0094__en-us_topic_0112947556_li146012113521">To enhance the capability of responding to security events.<p id="kms_01_0094__en-us_topic_0112947556_p76011711185214"><a name="kms_01_0094__en-us_topic_0112947556_li146012113521"></a><a name="en-us_topic_0112947556_li146012113521"></a>In your initial system security design, you shall design the key rotation function and use it for routine O&amp;M, so that it will be at hand when an emergency occurs.</p>
</li><li id="kms_01_0094__en-us_topic_0112947556_li129501749125219">To enhance the data isolation capability.<p id="kms_01_0094__en-us_topic_0112947556_p29501049165217"><a name="kms_01_0094__en-us_topic_0112947556_li129501749125219"></a><a name="en-us_topic_0112947556_li129501749125219"></a>The ciphertext data generated before and after key rotation will be isolated. You can identify the impact scope of a security event based on the key involved and take actions accordingly.</p>
</li></ul>
</div>
<div class="section" id="kms_01_0094__section114103111537"><h4 class="sectiontitle">Key Rotation Methods</h4><p id="kms_01_0094__en-us_topic_0112947556_p123016407532">You can use either of the following key rotation methods:</p>
<ul id="kms_01_0094__en-us_topic_0112947556_ul481722117543"><li id="kms_01_0094__en-us_topic_0112947556_li1081716213548">Manual key rotation<p id="kms_01_0094__en-us_topic_0112947556_p7943112612544"><a name="kms_01_0094__en-us_topic_0112947556_li1081716213548"></a><a name="en-us_topic_0112947556_li1081716213548"></a>Replace the key in use with a new key. For example, if key A is in use, you can create key B using a new encryption material, and replace key A with key B. This achieves the same outcome as changing the key material of key A.</p>
<p id="kms_01_0094__en-us_topic_0112947556_p144549472114"> </p>
<p id="kms_01_0094__en-us_topic_0112947556_p7545164920110">Take OBS as an example. To manually rotate a key, create a new custom key on the KMS console. Replace the old custom key with the new one on the OBS console.</p>
<div class="fignone" id="kms_01_0094__en-us_topic_0112947556_fig1662802305113"><span class="figcap"><b>Figure 1 </b>Manual key rotation</span><br><span><img id="kms_01_0094__en-us_topic_0112947556_image383919234016" src="en-us_image_0000001357411985.png" title="Click to enlarge" class="imgResize"></span></div>
</li><li id="kms_01_0094__en-us_topic_0112947556_li3617223205410">Automatic key rotation<p id="kms_01_0094__en-us_topic_0112947556_p173411527220"><a name="kms_01_0094__en-us_topic_0112947556_li3617223205410"></a><a name="en-us_topic_0112947556_li3617223205410"></a>KMS automatically rotates keys based on the configured rotation period (365 days by default). The system automatically generates a new key to replace the key in use. Automatic key rotation only changes the key material of a CMK. The logical attributes of the key will not change, including its key ID, alias, description, and permissions.</p>
<p id="kms_01_0094__en-us_topic_0112947556_p1848719451329">Automatic key rotation has the following characteristics:</p>
<ol id="kms_01_0094__en-us_topic_0112947556_ol12487945626"><li id="kms_01_0094__en-us_topic_0112947556_li84876451023">Enable rotation for an existing custom key. KMS will automatically generate new key materials for the custom key.</li><li id="kms_01_0094__en-us_topic_0112947556_li948754513220">Data is not re-encrypted in an automatic key rotation. The DEK generated using the CMK is not automatically rotated, and data that has been encrypted using the CMK will not be encrypted again. If a DEK has been leaked, automatic rotation cannot contain the impact of the leakage.</li></ol>
<div class="fignone" id="kms_01_0094__en-us_topic_0112947556_fig948719451727"><span class="figcap"><b>Figure 2 </b>Key rotation</span><br><span><img id="kms_01_0094__en-us_topic_0112947556_image24879452213" src="en-us_image_0000001357372181.png" title="Click to enlarge" class="imgResize"></span></div>
</li></ul>
<div class="note" id="kms_01_0094__en-us_topic_0112947556_note17375937205315"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><div class="p" id="kms_01_0094__en-us_topic_0112947556_p6440172812544">KMS retains all versions of a custom key, so that you can decrypt any ciphertext encrypted using the custom key.<ul id="kms_01_0094__en-us_topic_0112947556_ul19464718165411"><li id="kms_01_0094__en-us_topic_0112947556_li64641718185415">KMS uses the latest version of the custom key to encrypt data.</li><li id="kms_01_0094__en-us_topic_0112947556_li15464171810541">When decrypting data, KMS uses the custom key version that was used to encrypt the data.</li></ul>
</div>
</div></div>
</div>
</li><li id="kms_01_0094__li133993618414">Automatic key rotation<p id="kms_01_0094__p7230184414510"><a name="kms_01_0094__li133993618414"></a><a name="li133993618414"></a>Enable rotation for an existing CMK so that KMS automatically generates new key material for the CMK.</p>
<p id="kms_01_0094__p1123117442517">Key rotation only changes the key material of a CMK. The CMK's attributes (such as ID, alias, description, and permissions settings) remain unchanged.</p>
<p id="kms_01_0094__p8231174418514">The key rotation function enables KMS to automatically rotate CMKs according to the specified rotation interval (365 days by default). For a CMK with the key rotation function enabled, a new version is generated upon each rotation. See <a href="#kms_01_0094__fig9231144353">Figure 1</a> for details.</p>
<div class="fignone" id="kms_01_0094__fig9231144353"><a name="kms_01_0094__fig9231144353"></a><a name="fig9231144353"></a><span class="figcap"><b>Figure 1 </b>Working principle of key rotation</span><br><span><img class="imgResize" id="kms_01_0094__image62314444518" src="en-us_image_0205545064.png" title="Click to enlarge"></span></div>
<p id="kms_01_0094__p623194415512">KMS retains all versions associated of the CMK, so that you can decrypt any ciphertext encrypted using the CMK.</p>
<ul id="kms_01_0094__ul1123110441555"><li id="kms_01_0094__li123117441459">KMS uses the latest version of the CMK to encrypt data.</li><li id="kms_01_0094__li102311944557">KMS uses the same version of the CMK to decrypt data as that used to encrypt the data.</li></ul>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0094__table192321644156" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Key rotation modes</caption><thead align="left"><tr id="kms_01_0094__row3231184420513"><th align="left" class="cellrowborder" valign="top" width="24.08%" id="mcps1.3.3.2.7.2.3.1.1"><p id="kms_01_0094__p1223118441250">Key Type</p>
<div class="section" id="kms_01_0094__section12184145083117"><h4 class="sectiontitle">Rotation Modes</h4>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0094__table88396113212" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Key rotation modes</caption><thead align="left"><tr id="kms_01_0094__row283919111323"><th align="left" class="cellrowborder" valign="top" width="24.060000000000002%" id="mcps1.3.3.2.2.3.1.1"><p id="kms_01_0094__p118397113213">Key Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75.92%" id="mcps1.3.3.2.7.2.3.1.2"><p id="kms_01_0094__p142318441759">Support for Key Rotation</p>
<th align="left" class="cellrowborder" valign="top" width="75.94%" id="mcps1.3.3.2.2.3.1.2"><p id="kms_01_0094__p1683981113218">Rotation Mode</p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0094__row152325447513"><td class="cellrowborder" valign="top" width="24.08%" headers="mcps1.3.3.2.7.2.3.1.1 "><p id="kms_01_0094__p823244415512">Default Master Key</p>
<tbody><tr id="kms_01_0094__row15839191143217"><td class="cellrowborder" valign="top" width="24.060000000000002%" headers="mcps1.3.3.2.2.3.1.1 "><p id="kms_01_0094__p2083916113326">Default master key</p>
</td>
<td class="cellrowborder" valign="top" width="75.92%" headers="mcps1.3.3.2.7.2.3.1.2 "><p id="kms_01_0094__p18232144654">Keys cannot be rotated.</p>
<td class="cellrowborder" valign="top" width="75.94%" headers="mcps1.3.3.2.2.3.1.2 "><p id="kms_01_0094__p283991143217">Cannot be rotated.</p>
</td>
</tr>
<tr id="kms_01_0094__row1023219447513"><td class="cellrowborder" valign="top" width="24.08%" headers="mcps1.3.3.2.7.2.3.1.1 "><p id="kms_01_0094__p023254417514">Imported CMK</p>
<tr id="kms_01_0094__row185231129480"><td class="cellrowborder" valign="top" width="24.060000000000002%" headers="mcps1.3.3.2.2.3.1.1 "><p id="kms_01_0094__p127211653330">User-defined key (imported CMK)</p>
</td>
<td class="cellrowborder" valign="top" width="75.92%" headers="mcps1.3.3.2.7.2.3.1.2 "><p id="kms_01_0094__p1223244420513">Keys can only be rotated manually.</p>
<td class="cellrowborder" valign="top" width="75.94%" headers="mcps1.3.3.2.2.3.1.2 "><p id="kms_01_0094__p28401719326">Can only be manually rotated.</p>
<p id="kms_01_0094__p3839111173218">For more information about user-defined keys, see <a href="kms_01_0054.html#kms_01_0054__en-us_topic_0112947572_s3f753595a83247f2893dd5dd1ddc46e5">CMK Overview</a>.</p>
</td>
</tr>
<tr id="kms_01_0094__row202328441951"><td class="cellrowborder" valign="top" width="24.08%" headers="mcps1.3.3.2.7.2.3.1.1 "><p id="kms_01_0094__p162328442513">Disabled CMK</p>
<tr id="kms_01_0094__row2421914102"><td class="cellrowborder" valign="top" width="24.060000000000002%" headers="mcps1.3.3.2.2.3.1.1 "><p id="kms_01_0094__p3451961020">Symmetric key</p>
</td>
<td class="cellrowborder" valign="top" width="75.92%" headers="mcps1.3.3.2.7.2.3.1.2 "><p id="kms_01_0094__p1223219441651">KMS does not rotate disabled CMKs and keeps their rotation status unchanged. After a CMK is enabled, if the backup CMK has been used for longer than the rotation period, KMS will immediately rotate keys. If the backup CMK has been used for shorter than the rotation period, KMS will implement the original rotation plan.</p>
<td class="cellrowborder" valign="top" width="75.94%" headers="mcps1.3.3.2.2.3.1.2 "><p id="kms_01_0094__p04161910102">Can be automatically or manually rotated.</p>
</td>
</tr>
<tr id="kms_01_0094__row1123215449515"><td class="cellrowborder" valign="top" width="24.08%" headers="mcps1.3.3.2.7.2.3.1.1 "><p id="kms_01_0094__p1232344152">CMK in pending deletion status</p>
<tr id="kms_01_0094__row98391912326"><td class="cellrowborder" valign="top" width="24.060000000000002%" headers="mcps1.3.3.2.2.3.1.1 "><p id="kms_01_0094__p23141535759">Disabled CMK</p>
</td>
<td class="cellrowborder" valign="top" width="75.92%" headers="mcps1.3.3.2.7.2.3.1.2 "><p id="kms_01_0094__p1823224419517">KMS does not rotate CMKs in pending deletion status. After you cancel the deletion of a CMK, the previous key rotation status will be restored. If the backup CMK has been used for longer than the rotation period, KMS will immediately rotate keys. If the backup CMK has been used for shorter than the rotation period, KMS will implement the original rotation plan.</p>
<td class="cellrowborder" valign="top" width="75.94%" headers="mcps1.3.3.2.2.3.1.2 "><p id="kms_01_0094__p1476214306111">Disabled CMKs are not rotated. KMS keeps their rotation status unchanged. After a CMK is enabled, if it has been used for longer than the rotation period, KMS will immediately rotate keys. If the CMK has been used for shorter than the rotation period, KMS will implement the original rotation plan.</p>
<p id="kms_01_0094__p163831618181210">For more information, see <a href="kms_01_0035.html">Disabling One or More CMKs</a>.</p>
</td>
</tr>
<tr id="kms_01_0094__row1840716322"><td class="cellrowborder" valign="top" width="24.060000000000002%" headers="mcps1.3.3.2.2.3.1.1 "><p id="kms_01_0094__p67521227151211">CMKs in pending deletion state</p>
</td>
<td class="cellrowborder" valign="top" width="75.94%" headers="mcps1.3.3.2.2.3.1.2 "><p id="kms_01_0094__p9840511326">Disabled CMKs are not rotated. KMS keeps their rotation status unchanged. After a CMK is enabled, if it has been used for longer than the rotation period, KMS will immediately rotate keys. If the CMK has been used for shorter than the rotation period, KMS will implement the original rotation plan.</p>
<p id="kms_01_0094__p47749153143">For more information, see <a href="kms_01_0072.html">Scheduling the Deletion of One or More Keys</a>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
<div class="note" id="kms_01_0094__note1813217202442"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0094__p17373458133911">You can check the rotation details on the <strong id="kms_01_0094__b1531391433519">Rotation Policy</strong> page, including the last rotation time and number of rotations.</p>
</div></div>
</div>
</div>
<div>
<div class="familylinks">

4
docs/kms/umn/kms_01_0095.html
View File

@ -3,9 +3,9 @@
<h1 class="topictitle1">Disabling Key Rotation</h1>
<div id="body1590484366386"><div class="section" id="kms_01_0095__section1774863214344"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0095__p205531436153414">This section describes how to disable rotation for a key on the KMS console.</p>
</div>
<div class="section" id="kms_01_0095__sa444d90e5d214eb2811cd143d283ed46"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0095__u8d744762a5f14274b80a02295bec5fc4"><li id="kms_01_0095__l455a8c9e2ed94f9db26092c377be7c32">You have obtained an account and its password for logging in to the management console.</li><li id="kms_01_0095__l29c610ba3033475bac6bc580953de191">The CMK is in <strong id="kms_01_0095__b5455815183120">Enabled</strong> status.</li><li id="kms_01_0095__l4ee73124cad8499f9ca881d8da04ea55">The <strong id="kms_01_0095__b9873121623116">Origin</strong> of the CMK is <strong id="kms_01_0095__b18873016143114">KMS</strong>.</li><li id="kms_01_0095__li1574014310238">Key rotation has been enabled.</li></ul>
<div class="section" id="kms_01_0095__sa444d90e5d214eb2811cd143d283ed46"><h4 class="sectiontitle">Prerequisites</h4><ul id="kms_01_0095__u8d744762a5f14274b80a02295bec5fc4"><li id="kms_01_0095__l29c610ba3033475bac6bc580953de191">The CMK is in <strong id="kms_01_0095__b5455815183120">Enabled</strong> status.</li><li id="kms_01_0095__l4ee73124cad8499f9ca881d8da04ea55">The <strong id="kms_01_0095__b9873121623116">Origin</strong> of the CMK is <strong id="kms_01_0095__b18873016143114">KMS</strong>.</li><li id="kms_01_0095__li1574014310238">Key rotation has been enabled.</li></ul>
</div>
<div class="section" id="kms_01_0095__section1953329183312"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0095__o5e2e47ccb4694d9a92de22a1b2e7063b"><li id="kms_01_0095__li122572361272"><span>Log in to the management console.</span></li><li id="kms_01_0095__li678575875"><span>Click <span><img id="kms_01_0095__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0095__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0095__menucascade2713655193113"><b><span class="uicontrol" id="kms_01_0095__uicontrol147123558318">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0095__uicontrol19712165512311">Key Management Service</span></b></span>. The <strong id="kms_01_0095__b107133556318">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0095__la52c5288d8f3424d86f1518fdfd6cc12"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0095__li1039614119182"><span>Click <strong id="kms_01_0095__b153349253212">Rotation Policy</strong>. The dialog box is displayed, as shown in <a href="#kms_01_0095__fig68513241314">Figure 1</a>.</span><p><div class="fignone" id="kms_01_0095__fig68513241314"><a name="kms_01_0095__fig68513241314"></a><a name="fig68513241314"></a><span class="figcap"><b>Figure 1 </b>CMK rotation details</span><br><span><img id="kms_01_0095__kms_01_0139_image1187122416310" src="en-us_image_0249629213.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0095__section1953329183312"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0095__o5e2e47ccb4694d9a92de22a1b2e7063b"><li id="kms_01_0095__li122572361272"><span>Log in to the management console.</span></li><li id="kms_01_0095__li678575875"><span>Click <span><img id="kms_01_0095__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0095__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0095__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0095__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0095__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0095__la52c5288d8f3424d86f1518fdfd6cc12"><span>Click the alias of the desired CMK to view its details.</span></li><li id="kms_01_0095__li1039614119182"><span>Click <strong id="kms_01_0095__b153349253212">Rotation Policy</strong>. The dialog box is displayed, as shown in <a href="#kms_01_0095__fig68513241314">Figure 1</a>.</span><p><div class="fignone" id="kms_01_0095__fig68513241314"><a name="kms_01_0095__fig68513241314"></a><a name="fig68513241314"></a><span class="figcap"><b>Figure 1 </b>CMK rotation details</span><br><span><img id="kms_01_0095__kms_01_0139_image1187122416310" src="en-us_image_0249629213.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0095__li746952291815"><span>Click <span><img id="kms_01_0095__image23714421187" src="en-us_image_0249631830.png"></span> to disable key rotation.</span></li><li id="kms_01_0095__li98911529104318"><span>In the displayed <strong id="kms_01_0095__b167471743143212">Disable Rotation Policy</strong> dialog box, click <strong id="kms_01_0095__b119734469329">Yes</strong>.</span><p><div class="fignone" id="kms_01_0095__fig16274101884411"><span class="figcap"><b>Figure 2 </b>Disabling key rotation</span><br><span><img id="kms_01_0095__image2275121812441" src="en-us_image_0249631818.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li><li id="kms_01_0095__li1678955016913"><span>Check the rotation status, as shown in <a href="#kms_01_0095__fig1580712501294">Figure 3</a>.</span><p><div class="fignone" id="kms_01_0095__fig1580712501294"><a name="kms_01_0095__fig1580712501294"></a><a name="fig1580712501294"></a><span class="figcap"><b>Figure 3 </b>Key rotation</span><br><span><img id="kms_01_0095__kms_01_0139_image1382911253297" src="en-us_image_0250541308.png" title="Click to enlarge" class="imgResize"></span></div>
</p></li></ol>

34
docs/kms/umn/kms_01_0096.html
View File

@ -1,29 +1,27 @@
<a name="kms_01_0096"></a><a name="kms_01_0096"></a>
<h1 class="topictitle1">Querying a CMK</h1>
<div id="body1469675083218"><div class="section" id="kms_01_0096__section6530676516634"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0096__p9254739102112">This section describes how to use the management console to view the information about a CMK, such as its alias, status, ID, and creation time. The status of a CMK can be <span class="parmname" id="kms_01_0096__parmname996037952"><b>Enabled</b></span>, <span class="parmname" id="kms_01_0096__parmname818689023"><b>Disabled</b></span>, <span class="parmname" id="kms_01_0096__parmname1356882890"><b>Pending deletion</b></span>, or <strong id="kms_01_0096__b842352706115442">Pending import</strong>.</p>
<div id="body1469675083218"><div class="section" id="kms_01_0096__section6530676516634"><h4 class="sectiontitle">Scenario</h4><p id="kms_01_0096__p9254739102112">This section describes how to use the management console to view the information about a CMK, such as its alias, status, ID, and creation time. The status of a CMK can be <span class="parmname" id="kms_01_0096__parmname1258472250"><b>Enabled</b></span>, <span class="parmname" id="kms_01_0096__parmname992346553"><b>Disabled</b></span>, <span class="parmname" id="kms_01_0096__parmname1508936573"><b>Pending deletion</b></span>, or <strong id="kms_01_0096__b842352706115442">Pending import</strong>.</p>
</div>
<div class="section" id="kms_01_0096__section6205788316731"><h4 class="sectiontitle">Prerequisites</h4><p id="kms_01_0096__p3458314518561">You have obtained an account and its password for logging in to the management console.</p>
</div>
<div class="section" id="kms_01_0096__section4980422016839"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0096__ol493401431695"><li id="kms_01_0096__li217307931245"><span>Log in to the management console.</span></li><li id="kms_01_0096__li678575875"><span>Click <span><img id="kms_01_0096__en-us_topic_0034330265_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0096__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0096__menucascade8366938161011"><b><span class="uicontrol" id="kms_01_0096__uicontrol19362113831020">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0096__uicontrol1536463812106">Key Management Service</span></b></span>. The <strong id="kms_01_0096__b236733811011">Key Management Service</strong> page is displayed.</span></li><li id="kms_01_0096__li33592484181925"><span>In the CMK list you can view details about the CMKs.</span><p><div class="fignone" id="kms_01_0096__fig4265586161137"><span class="figcap"><b>Figure 1 </b>CMK list</span><br><span><img id="kms_01_0096__image5783916163914" src="en-us_image_0129269716.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="section" id="kms_01_0096__section4980422016839"><h4 class="sectiontitle">Procedure</h4><ol id="kms_01_0096__ol493401431695"><li id="kms_01_0096__li217307931245"><span>Log in to the management console.</span></li><li id="kms_01_0096__li678575875"><span>Click <span><img id="kms_01_0096__kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0096__li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0096__kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0096__kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0096__kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0096__li33592484181925"><span>In the CMK list you can view details about the CMKs.</span><p><div class="fignone" id="kms_01_0096__fig4265586161137"><span class="figcap"><b>Figure 1 </b>CMK list</span><br><span><img id="kms_01_0096__image5783916163914" src="en-us_image_0129269716.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="note" id="kms_01_0096__note1382810432558"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0096__ul188291343135519"><li id="kms_01_0096__li1383134315558">Select the CMK status from the drop-down list of <strong id="kms_01_0096__b842352706152539">All statuses</strong>. Then the CMK list displays only the CMKs in the corresponding state.</li><li id="kms_01_0096__li583274316557">Enter the alias of a CMK in the search box on top of the CMK list. Click <span><img id="kms_01_0096__image7833124319556" src="en-us_image_0237809855.png"></span> or press Enter to search for the specified CMK.</li><li id="kms_01_0096__li53881931113511">You can click <strong id="kms_01_0096__b842352706152628">Search Tag</strong> to search for the CMK that meets the search criteria.</li><li id="kms_01_0096__li7833143195513">You can click <span><img id="kms_01_0096__image19121195063518" src="en-us_image_0237809857.png"></span> at the upper right corner on top of the CMK list to show or hide columns of the CMK list.</li></ul>
</div></div>
<p id="kms_01_0096__p21662009113741"><a href="#kms_01_0096__table15653286125723">Table 1</a> describes the parameters of a CMK list.</p>
<div class="tablenoborder"><a name="kms_01_0096__table15653286125723"></a><a name="table15653286125723"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0096__table15653286125723" frame="border" border="1" rules="all"><caption><b>Table 1 </b>CMK list parameters</caption><thead align="left"><tr id="kms_01_0096__row16764658153819"><th align="left" class="cellrowborder" valign="top" width="24.25%" id="mcps1.3.3.2.4.2.4.2.3.1.1"><p id="kms_01_0096__p14764258193819"><strong>Parameter</strong></p>
<div class="tablenoborder"><a name="kms_01_0096__table15653286125723"></a><a name="table15653286125723"></a><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0096__table15653286125723" frame="border" border="1" rules="all"><caption><b>Table 1 </b>CMK list parameters</caption><thead align="left"><tr id="kms_01_0096__row16764658153819"><th align="left" class="cellrowborder" valign="top" width="24.25%" id="mcps1.3.2.2.4.2.4.2.3.1.1"><p id="kms_01_0096__p14764258193819"><strong id="kms_01_0096__b768213278264">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75.75%" id="mcps1.3.3.2.4.2.4.2.3.1.2"><p id="kms_01_0096__p676455893817"><strong id="kms_01_0096__b842352706112113">Description</strong></p>
<th align="left" class="cellrowborder" valign="top" width="75.75%" id="mcps1.3.2.2.4.2.4.2.3.1.2"><p id="kms_01_0096__p676455893817"><strong id="kms_01_0096__b842352706112113">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0096__row1764115873811"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p576455823813">Alias</p>
<tbody><tr id="kms_01_0096__row1764115873811"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p576455823813">Alias</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p97641858183818">Alias of a CMK</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p97641858183818">Alias of a CMK</p>
</td>
</tr>
<tr id="kms_01_0096__row87642058133813"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p117641558113812">Status</p>
<tr id="kms_01_0096__row87642058133813"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p117641558113812">Status</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p1076495815384">Status of a CMK, which can be one of the following:</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p1076495815384">Status of a CMK, which can be one of the following:</p>
<ul id="kms_01_0096__ul19764125893812"><li id="kms_01_0096__li1976415583381"><strong id="kms_01_0096__b842352706171111">Enabled</strong><p id="kms_01_0096__p9764125816382">The CMK is enabled.</p>
</li><li id="kms_01_0096__li376475819385"><strong id="kms_01_0096__b842352706174855">Disabled</strong><p id="kms_01_0096__p4764155803819">The CMK is disabled.</p>
</li><li id="kms_01_0096__li1176495814387"><strong id="kms_01_0096__b842352706114222">Pending deletion</strong><p id="kms_01_0096__p3764458173813">The CMK is scheduled for deletion.</p>
@ -31,24 +29,24 @@
</li></ul>
</td>
</tr>
<tr id="kms_01_0096__row1576425817386"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p167641858103812">ID</p>
<tr id="kms_01_0096__row1576425817386"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p167641858103812">ID</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p8764258143816">Random ID of a CMK generated during the CMK creation</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p8764258143816">Random ID of a CMK generated during the CMK creation</p>
</td>
</tr>
<tr id="kms_01_0096__row14764125813817"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p107649589384">Creation Time</p>
<tr id="kms_01_0096__row14764125813817"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p107649589384">Creation Time</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p8764165817388">Creation time of the CMK</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p8764165817388">Creation time of the CMK</p>
</td>
</tr>
<tr id="kms_01_0096__row12764145843815"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p5764758143816">Expiration Time</p>
<tr id="kms_01_0096__row12764145843815"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p5764758143816">Expiration Time</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p1476425813388">Expiration time of the key material. When the material expires, the CMK becomes an empty CMK.</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p1476425813388">Expiration time of the key material. When the material expires, the CMK becomes an empty CMK.</p>
</td>
</tr>
<tr id="kms_01_0096__row1276445816383"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.3.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p376411581387">Origin</p>
<tr id="kms_01_0096__row1276445816383"><td class="cellrowborder" valign="top" width="24.25%" headers="mcps1.3.2.2.4.2.4.2.3.1.1 "><p id="kms_01_0096__p376411581387">Origin</p>
</td>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.3.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p0764115833812">Source of key material, which can be one of the following:</p>
<td class="cellrowborder" valign="top" width="75.75%" headers="mcps1.3.2.2.4.2.4.2.3.1.2 "><p id="kms_01_0096__p0764115833812">Source of key material, which can be one of the following:</p>
<ul id="kms_01_0096__ul1476475818381"><li id="kms_01_0096__li97645586384"><strong id="kms_01_0096__b842352706115215">External</strong><p id="kms_01_0096__p14764165843814">You import the key material for the CMK.</p>
</li><li id="kms_01_0096__li1176465813385">Key Management Service<p id="kms_01_0096__p1176465810383"><a name="kms_01_0096__li1176465813385"></a><a name="li1176465813385"></a>The CMK uses KMS-generated material.</p>
</li></ul>

12
docs/kms/umn/kms_01_0100.html Normal file
View File

@ -0,0 +1,12 @@
<a name="kms_01_0100"></a><a name="kms_01_0100"></a>
<h1 class="topictitle1">Product Advantages</h1>
<div id="body8662426"><ul id="kms_01_0100__en-us_topic_0167929053_ul376114113315"><li id="kms_01_0100__en-us_topic_0167929053_li1899210498236">Extensive Service Integration<p id="kms_01_0100__en-us_topic_0167929053_p4604195102314"><a name="kms_01_0100__en-us_topic_0167929053_li1899210498236"></a><a name="en-us_topic_0167929053_li1899210498236"></a>KMS can be integrated with Object Storage Service (OBS), Elastic Volume Service (EVS), and Image Management Service (IMS), to manage keys of these services on the KMS console, and encrypt and decrypt your local data by making the KMS API calls.</p>
</li><li id="kms_01_0100__en-us_topic_0167929053_li1183145952314">Regulatory Compliance</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0045.html">Key Management</a></div>
</div>
</div>

39
docs/kms/umn/kms_01_0101.html Normal file
View File

@ -0,0 +1,39 @@
<a name="kms_01_0101"></a><a name="kms_01_0101"></a>
<h1 class="topictitle1">What Are the Differences Between a Custom Key and a Default Key?</h1>
<div id="body8662426"><p id="kms_01_0101__en-us_topic_0112947524_p5076864893027">The following table describes the differences between a custom key and a default key.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="kms_01_0101__en-us_topic_0112947524_table3710455493120" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Differences between a custom key and a default key</caption><thead align="left"><tr id="kms_01_0101__en-us_topic_0112947524_row689534593120"><th align="left" class="cellrowborder" valign="top" width="20.11%" id="mcps1.3.2.2.4.1.1"><p id="kms_01_0101__en-us_topic_0112947524_p6065075293120">Item</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="35.15%" id="mcps1.3.2.2.4.1.2"><p id="kms_01_0101__en-us_topic_0112947524_p1915223993559">Definition</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="44.74%" id="mcps1.3.2.2.4.1.3"><p id="kms_01_0101__en-us_topic_0112947524_p4113363693120">Difference</p>
</th>
</tr>
</thead>
<tbody><tr id="kms_01_0101__en-us_topic_0112947524_row1311937993120"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.2.2.4.1.1 "><p id="kms_01_0101__en-us_topic_0112947524_p5603678893120">Custom key</p>
</td>
<td class="cellrowborder" valign="top" width="35.15%" headers="mcps1.3.2.2.4.1.2 "><p id="kms_01_0101__en-us_topic_0112947524_p3004822193559"><span id="kms_01_0101__en-us_topic_0112947524_ph387329699401">A Key Encryption Key (KEK) created using KMS. The key is used to encrypt and protect DEKs.</span></p>
<p id="kms_01_0101__en-us_topic_0112947524_p531672849402">A custom key can be used to encrypt multiple DEKs.</p>
</td>
<td class="cellrowborder" valign="top" width="44.74%" headers="mcps1.3.2.2.4.1.3 "><ul id="kms_01_0101__en-us_topic_0112947524_ul1891314016577"><li id="kms_01_0101__en-us_topic_0112947524_li109131840185712">It can be disabled and scheduled for deletion.</li><li id="kms_01_0101__en-us_topic_0112947524_li176598420574">It is billed per use after the being created or imported.</li></ul>
</td>
</tr>
<tr id="kms_01_0101__en-us_topic_0112947524_row4667679093120"><td class="cellrowborder" valign="top" width="20.11%" headers="mcps1.3.2.2.4.1.1 "><p id="kms_01_0101__en-us_topic_0112947524_p2272364493120">Default key</p>
</td>
<td class="cellrowborder" valign="top" width="35.15%" headers="mcps1.3.2.2.4.1.2 "><p id="kms_01_0101__en-us_topic_0112947524_p1798684193559">Automatically generated by the system when you use KMS to encrypt data in another cloud service for the first time. The suffix of the key is <strong id="kms_01_0101__en-us_topic_0112947524_b842352706143025">/default</strong>.</p>
<p id="kms_01_0101__en-us_topic_0112947524_p6175177194218">Example: <strong id="kms_01_0101__en-us_topic_0112947524_b842352706235235">evs/default</strong></p>
</td>
<td class="cellrowborder" valign="top" width="44.74%" headers="mcps1.3.2.2.4.1.3 "><ul id="kms_01_0101__en-us_topic_0112947524_ul852523085817"><li id="kms_01_0101__en-us_topic_0112947524_li15251430115818">It cannot be disabled or scheduled for deletion.</li><li id="kms_01_0101__en-us_topic_0112947524_li1612931155812">You are not charged when you use the cloud service automatically generated by the system. If the number of API requests exceeds 20,000, you will be billed.</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0037.html">FAQs</a></div>
</div>
</div>

12
docs/kms/umn/kms_01_0102.html Normal file
View File

@ -0,0 +1,12 @@
<a name="kms_01_0102"></a><a name="kms_01_0102"></a>
<h1 class="topictitle1">Can I Export a CMK from KMS?</h1>
<div id="body8662426"><p id="kms_01_0102__en-us_topic_0112947523_p9810320162141">No.</p>
<p id="kms_01_0102__en-us_topic_0112947523_p16624289112057">To ensure CMK security, users can only create and use CMKs in KMS.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0037.html">FAQs</a></div>
</div>
</div>

23
docs/kms/umn/kms_01_0106.html Normal file
View File

@ -0,0 +1,23 @@
<a name="kms_01_0106"></a><a name="kms_01_0106"></a>
<h1 class="topictitle1">What Are the Benefits of Envelope Encryption?</h1>
<div id="body8662426"><p id="kms_01_0106__en-us_topic_0112947552_p636231572315">Envelope encryption is the practice of encrypting data with a DEK and then encrypting the DEK with a root key that you can fully manage. In this case, CMKs are not required for encryption or decryption.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p55067918252">Benefits:</p>
<ul id="kms_01_0106__en-us_topic_0112947552_ul1012722115254"><li id="kms_01_0106__en-us_topic_0112947552_li41556328254">Advantages over CMK encryption in KMS<p id="kms_01_0106__en-us_topic_0112947552_p45141745104214"><a name="kms_01_0106__en-us_topic_0112947552_li41556328254"></a><a name="en-us_topic_0112947552_li41556328254"></a>Users can use CMKs to encrypt and decrypt data on the KMS console or by calling KMS APIs.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p8134841102518">A CMK can encrypt and decrypt data no more than 4 KB. An envelope can encrypt and decrypt larger volumes of data.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p141341741202516">Data encrypted using envelopes does not need to be transferred. Only the DEKs need to be transferred to the KMS server.</p>
</li><li id="kms_01_0106__en-us_topic_0112947552_li7912184511252">Advantages over encryption by using cloud services<ul id="kms_01_0106__en-us_topic_0112947552_ul11965201322615"><li id="kms_01_0106__en-us_topic_0112947552_li1396561372611">Security<p id="kms_01_0106__en-us_topic_0112947552_p139651713172617"><a name="kms_01_0106__en-us_topic_0112947552_li1396561372611"></a><a name="en-us_topic_0112947552_li1396561372611"></a>Data transferred to the cloud for encryption is exposed to risks such as interception and phishing.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p10166195318269">During envelope encryption, KMS uses Hardware Security Modules (HSMs) to protect keys. All CMKs are protected by root keys in HSMs to avoid key leakage.</p>
</li><li id="kms_01_0106__en-us_topic_0112947552_li4965213132610">Trustworthiness<p id="kms_01_0106__en-us_topic_0112947552_p117009372817"><a name="kms_01_0106__en-us_topic_0112947552_li4965213132610"></a><a name="en-us_topic_0112947552_li4965213132610"></a>You will worry about data security on the cloud. It is also difficult for cloud services to prove that they never misuse or disclose such data.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p1054826152813">If you choose envelope encryption, KMS will control access to keys and record all usages of and operations on keys with traceable logs, meeting your audit and regulatory compliance requirements.</p>
</li><li id="kms_01_0106__en-us_topic_0112947552_li396514138265">Performance and cost<p id="kms_01_0106__en-us_topic_0112947552_p199651713152614"><a name="kms_01_0106__en-us_topic_0112947552_li396514138265"></a><a name="en-us_topic_0112947552_li396514138265"></a>To encrypt or decrypt data using a cloud service, you have to send the data to the encryption server and receive the processed data. This process seriously affects your service performance and incurs high costs.</p>
<p id="kms_01_0106__en-us_topic_0112947552_p28241193288">Envelope encryption allows you to generate DEKs online by calling KMS cryptographic algorithm APIs, and to encrypt a large amount of local data with the DEKs.</p>
</li></ul>
</li></ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0037.html">FAQs</a></div>
</div>
</div>

21
docs/kms/umn/kms_01_0107.html Normal file
View File

@ -0,0 +1,21 @@
<a name="kms_01_0107"></a><a name="kms_01_0107"></a>
<h1 class="topictitle1">How Do I Use the Online Tool to Encrypt or Decrypt Small Volumes of Data?</h1>
<div id="body8662426"><p id="kms_01_0107__en-us_topic_0112947639_p1041034202">You can use the online tool to encrypt or decrypt data in the following procedures:</p>
<div class="section" id="kms_01_0107__en-us_topic_0112947639_section1128520338576"><h4 class="sectiontitle">Encrypting Data</h4><ol id="kms_01_0107__kms_01_0022_ol17677259151342"><li id="kms_01_0107__kms_01_0022_li3884479212721"><span>Log in to the management console.</span></li><li id="kms_01_0107__kms_01_0022_li678575875"><span>Click <span><img id="kms_01_0107__kms_01_0022_kms_01_194_image10325154918393" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0107__kms_01_0022_li5858326415513"><span>Choose <span class="menucascade" id="kms_01_0107__kms_01_0022_kms_01_194_menucascade601548114717"><b><span class="uicontrol" id="kms_01_0107__kms_01_0022_kms_01_194_uicontrol27695743192038">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0107__kms_01_0022_kms_01_194_uicontrol47935096192038">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0107__kms_01_0022_li61846714151510"><span>Click the alias of the desired CMK to view its details on the online data encryption page.</span></li><li id="kms_01_0107__kms_01_0022_li8513572061"><span>Click <strong id="kms_01_0107__kms_01_0022_b6548171014582">Encrypt</strong>. In the text box on the left, enter the data to be encrypted.</span></li><li id="kms_01_0107__kms_01_0022_li145581622484"><span>Click <strong id="kms_01_0107__kms_01_0022_b47131211748">Execute</strong>. The data encryption result is displayed in the text box on the right.</span><p><div class="note" id="kms_01_0107__kms_01_0022_note1652557269"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0107__kms_01_0022_ul13212113916814"><li id="kms_01_0107__kms_01_0022_li8211914111510">The key you clicked is used for encryption.</li><li id="kms_01_0107__kms_01_0022_li4212153919814">To clear your input, click <strong id="kms_01_0107__kms_01_0022_b13658162316611">Clear</strong>.</li><li id="kms_01_0107__kms_01_0022_li152125391984">To copy the encrypted data, click <strong id="kms_01_0107__kms_01_0022_b166261057863">Copy to Clipboard</strong>. You can then paste and save it to a local file.</li></ul>
</div></div>
</p></li></ol>
</div>
<div class="section" id="kms_01_0107__en-us_topic_0112947639_section861815517577"><h4 class="sectiontitle">Decrypting Data</h4><ol id="kms_01_0107__kms_01_0022_ol12988161919918"><li id="kms_01_0107__kms_01_0022_li14740215517"><span>Log in to the management console.</span></li><li id="kms_01_0107__kms_01_0022_li544455916716"><span>Click <span><img id="kms_01_0107__kms_01_0022_kms_01_194_image10325154918393_1" src="en-us_image_0237800345.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="kms_01_0107__kms_01_0022_li345121831316"><span>Choose <span class="menucascade" id="kms_01_0107__kms_01_0022_kms_01_194_menucascade601548114717_1"><b><span class="uicontrol" id="kms_01_0107__kms_01_0022_kms_01_194_uicontrol27695743192038_1">Security</span></b> &gt; <b><span class="uicontrol" id="kms_01_0107__kms_01_0022_kms_01_194_uicontrol47935096192038_1">Key Management Service</span></b></span> . The key management page is displayed.</span></li><li id="kms_01_0107__kms_01_0022_li1486413121014"><span>Click the alias of an enabled key (excepting Default Master Keys) to open the online tool page.</span></li><li id="kms_01_0107__kms_01_0022_li11865163131014"><span>Click <strong id="kms_01_0107__kms_01_0022_b42098619214">Decrypt</strong>. In the text box on the left, enter the data to be decrypted.</span><p><div class="note" id="kms_01_0107__kms_01_0022_note3864113161017"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="kms_01_0107__kms_01_0022_ul1812317431410"><li id="kms_01_0107__kms_01_0022_li312313481420">The online tool automatically identifies the key used for data encryption, and uses it to decrypt data.</li><li id="kms_01_0107__kms_01_0022_li41234411143">If the key has been deleted, the decryption will fail.</li></ul>
</div></div>
</p></li><li id="kms_01_0107__kms_01_0022_li78650312108"><span>Click <strong id="kms_01_0107__kms_01_0022_b81315411811">Execute</strong>. The data decryption result is displayed in plaintext in the text box on the right.</span><p><div class="note" id="kms_01_0107__kms_01_0022_note15120629191411"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="kms_01_0107__kms_01_0022_p1612216292140">To copy the decrypted data, click <strong id="kms_01_0107__kms_01_0022_b87934716914">Copy to Clipboard</strong>. You can then paste and save it to a local file.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="kms_01_0037.html">FAQs</a></div>
</div>
</div>

Some files were not shown because too many files have changed in this diff Show More